b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

nixos/dbus: Add AppArmor support

Browse source
This commit is contained in:
Janne Heß 2020-11-02 22:42:55 +01:00
parent 060d20de24
commit e5e9887e38
No known key found for this signature in database
GPG key ID: 69165158F05265DF
1 changed files with 15 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

15
nixos/modules/services/system/dbus.nix
View file

@ -11,6 +11,7 @@ let
homeDir = "/run/dbus";
configDir = pkgs.makeDBusConf {
inherit (cfg) apparmor;
suidHelper = "${config.security.wrapperDir}/dbus-daemon-launch-helper";
serviceDirectories = cfg.packages;
};
@ -51,6 +52,20 @@ in
'';
};
apparmor = mkOption {
type = types.enum [ "enabled" "disabled" "required" ];
description = ''
AppArmor mode for dbus.
<literal>enabled</literal> enables mediation when it's
supported in the kernel, <literal>disabled</literal>
always disables AppArmor even with kernel support, and
<literal>required</literal> fails when AppArmor was not found
in the kernel.
'';
default = "disabled";
};
socketActivated = mkOption {
type = types.nullOr types.bool;
default = null;