public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/apparmor: ensure that apparmor is selected at boot

Browse Source 
Otherwise we're subject to whatever defaults were selected at kernel build
time.

See also: https://github.com/NixOS/nixpkgs/issues/61145
This commit is contained in:
Joachim Fasting 2019-05-11 18:19:35 +02:00
parent bc94dcf500
commit 68f5d1fa4c
No known key found for this signature in database
GPG Key ID: 5C204DF675C90294
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/security/apparmor.nix
View File

@ -29,6 +29,8 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.apparmor-utils ]; environment.systemPackages = [ pkgs.apparmor-utils ];
boot.kernelParams = [ "apparmor=1" "security=apparmor" ];
systemd.services.apparmor = let systemd.services.apparmor = let
paths = concatMapStrings (s: " -I ${s}/etc/apparmor.d") paths = concatMapStrings (s: " -I ${s}/etc/apparmor.d")
([ pkgs.apparmor-profiles ] ++ cfg.packages); ([ pkgs.apparmor-profiles ] ++ cfg.packages);