lxd: Provide apparmor_parser

Previously, lxd would complain about apparmor_parser being missing:

lxd[1037]: lvl=warn msg="AppArmor support has been disabled because 'apparmor_parser' couldn't be found" t=2018-11-19T18:32:47-0800

We need to provide a wrapped apparmor_parser that knows where to find
<tunables/global>, which is #included by lxd’s generated profiles.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>

1 files changed, 4 insertions, 0 deletions

diff --git a/pkgs/tools/admin/lxd/default.nix b/pkgs/tools/admin/lxd/default.nix
index 09c29517af4..9eb249bc587 100644
--- a/pkgs/tools/admin/lxd/default.nix
+++ b/pkgs/tools/admin/lxd/default.nix
@@ -2,6 +2,7 @@
 , makeWrapper, acl, rsync, gnutar, xz, btrfs-progs, gzip, dnsmasq
 , squashfsTools, iproute, iptables, ebtables, libcap, dqlite
 , sqlite-replication
+, writeShellScriptBin, apparmor-profiles, apparmor-parser
 }:
 
 buildGoPackage rec {
@@ -31,6 +32,9 @@ buildGoPackage rec {
 
     wrapProgram $bin/bin/lxd --prefix PATH ":" ${stdenv.lib.makeBinPath [
       acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ebtables
+      (writeShellScriptBin "apparmor_parser" ''
+        exec '${apparmor-parser}/bin/apparmor_parser' -I '${apparmor-profiles}/etc/apparmor.d' "$@"
+      '')
     ]}
   '';