92abc4c610
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order to work properly (with the minor catch grsecurity -stable includes the 3.2 patches.) This adds them to the kernel builds by default, removes features.apparmor (since it's always true) and makes it the default MAC system. Signed-off-by: Austin Seipp <aseipp@pobox.com>
27 lines
1.1 KiB
Nix
27 lines
1.1 KiB
Nix
{ stdenv, fetchurl, ... } @ args:
|
|
|
|
import ./generic.nix (args // rec {
|
|
version = "3.2.58";
|
|
extraMeta.branch = "3.2";
|
|
|
|
src = fetchurl {
|
|
url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
|
|
sha256 = "1mszzixiv4k61m241dl2n5s8rca26l6hc40v23lha814nrahjkn1";
|
|
};
|
|
|
|
# We don't provide these patches if grsecurity is enabled, because
|
|
# the grsec 3.2 -stable patchset already includes them.
|
|
kernelPatches = args.kernelPatches ++ (
|
|
stdenv.lib.optional (!(args.features.grsecurity or false))
|
|
[ { name = "0001-AppArmor-compatibility-patch-for-v5-network-controll";
|
|
patch = ./apparmor-patches/3.2/0001-AppArmor-compatibility-patch-for-v5-network-controll.patch;
|
|
}
|
|
{ name = "0002-AppArmor-compatibility-patch-for-v5-interface";
|
|
patch = ./apparmor-patches/3.2/0002-AppArmor-compatibility-patch-for-v5-interface.patch;
|
|
}
|
|
{ name = "0003-AppArmor-Allow-dfa-backward-compatibility-with-broke";
|
|
patch = ./apparmor-patches/3.2/0003-AppArmor-Allow-dfa-backward-compatibility-with-broke.patch;
|
|
}]);
|
|
|
|
features.iwlwifi = true;
|
|
} // (args.argsOverride or {}))
|