diff options
author | Austin Seipp <aseipp@pobox.com> | 2015-03-20 15:36:42 -0500 |
---|---|---|
committer | Austin Seipp <aseipp@pobox.com> | 2015-03-20 15:36:42 -0500 |
commit | 3ff22a924f1bd9c67a57566fe81d68120ce1d37f (patch) | |
tree | 4460b1e2f1dcb6277e5c5029362254c1778cafbb /nixos/modules/security | |
parent | ea2fd84ecd4139db82769dfeafe6da833146bb99 (diff) | |
parent | b0698d4342a0057c019becebc8482ad5ff893f7d (diff) | |
download | nixpkgs-3ff22a924f1bd9c67a57566fe81d68120ce1d37f.tar nixpkgs-3ff22a924f1bd9c67a57566fe81d68120ce1d37f.tar.gz nixpkgs-3ff22a924f1bd9c67a57566fe81d68120ce1d37f.tar.bz2 nixpkgs-3ff22a924f1bd9c67a57566fe81d68120ce1d37f.tar.lz nixpkgs-3ff22a924f1bd9c67a57566fe81d68120ce1d37f.tar.xz nixpkgs-3ff22a924f1bd9c67a57566fe81d68120ce1d37f.tar.zst nixpkgs-3ff22a924f1bd9c67a57566fe81d68120ce1d37f.zip |
Merge pull request #6871 from joachifm/apparmor-fixups
Apparmor fixups
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/apparmor.nix | 18 |
1 files changed, 3 insertions, 15 deletions
diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix index 92f020edce5..4fef62cbffd 100644 --- a/nixos/modules/security/apparmor.nix +++ b/nixos/modules/security/apparmor.nix @@ -6,37 +6,26 @@ let in { - #### interface options = { - security.apparmor = { - enable = mkOption { type = types.bool; default = false; description = "Enable the AppArmor Mandatory Access Control system."; }; - profiles = mkOption { type = types.listOf types.path; default = []; description = "List of files containing AppArmor profiles."; }; - }; - }; - #### implementation config = mkIf cfg.enable { - - environment.systemPackages = [ - pkgs.apparmor-utils - ]; + environment.systemPackages = [ pkgs.apparmor-utils ]; systemd.services.apparmor = { wantedBy = [ "local-fs.target" ]; - serviceConfig = { Type = "oneshot"; RemainAfterExit = "yes"; @@ -50,12 +39,11 @@ in }; security.pam.services.apparmor.text = '' - ## The AppArmor service changes hats according to order: first try - ## user, then group, and finally fall back to a hat called "DEFAULT" + ## AppArmor changes hats according to `order`: first try user, then + ## group, and finally fall back to a hat called "DEFAULT" ## ## For now, enable debugging as this is an experimental feature. session optional ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so order=user,group,default debug ''; - }; } |