nixpkgs/pkgs/os-specific/linux/kernel/linux-3.4.nix
Austin Seipp 92abc4c610 kernel: enable AppArmor by default
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order
to work properly (with the minor catch grsecurity -stable includes the
3.2 patches.) This adds them to the kernel builds by default, removes
features.apparmor (since it's always true) and makes it the default MAC
system.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00

27 lines
1,010 B
Nix

{ stdenv, fetchurl, ... } @ args:
import ./generic.nix (args // rec {
version = "3.4.90";
extraMeta.branch = "3.4";
src = fetchurl {
url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
sha256 = "0kh4y1sbsjm3awplfsd0i59rz7wc1dj23mcs5rwwhc0p7i8w4r75";
};
kernelPatches = args.kernelPatches ++
[ { name = "0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file";
patch = ./apparmor-patches/3.4/0001-UBUNTU-SAUCE-AppArmor-Add-profile-introspection-file.patch;
}
{ name = "0002-UBUNTU-SAUCE-AppArmor-basic-networking-rules";
patch = ./apparmor-patches/3.4/0002-UBUNTU-SAUCE-AppArmor-basic-networking-rules.patch;
}
{ name = "0003-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou";
patch = ./apparmor-patches/3.4/0003-UBUNTU-SAUCE-apparmor-Add-the-ability-to-mediate-mou.patch;
}];
features.iwlwifi = true;
features.efiBootStub = true;
features.needsCifsUtils = true;
features.netfilterRPFilter = true;
})