cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2

apparmor: add apparmor_parser config file

Browse source 
If the config does not exist, then apparmor_parser will throw a warning.
To avoid that and make the parser configurable, we now add a new option
to it.

Signed-off-by: Sascha Grunert <sgrunert@suse.com>
This commit is contained in:
Sascha Grunert 2020-08-22 22:59:26 +02:00
parent 6a7b11055c
commit 2259fbdf4b
No known key found for this signature in database
GPG key ID: 8CE029DD1A866E52
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
nixos/modules/security/apparmor.nix
View file

@ -23,11 +23,17 @@ in
default = [];
description = "List of packages to be added to apparmor's include path";
};
parserConfig = mkOption {
type = types.str;
default = "";
description = "AppArmor parser configuration file content";
};
};
};
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.apparmor-utils ];
environment.etc."apparmor/parser.conf".text = cfg.parserConfig;
boot.kernelParams = [ "apparmor=1" "security=apparmor" ];