diff options
| author | Janne Heß <janne@hess.ooo> | 2020-11-02 22:42:55 +0100 |
|---|---|---|
| committer | Janne Heß <janne@hess.ooo> | 2020-11-18 10:10:36 +0100 |
| commit | e5e9887e38da3a34519930a21fa6d2ae97ebc407 (patch) | |
| tree | 0f1fcadc19443e40b977d69c34104270277036b9 /nixos/modules/services/system/dbus.nix | |
| parent | 060d20de2415fdb4a9b8d8be18dff4e7e4b7ca06 (diff) | |
| download | nixpkgs-e5e9887e38da3a34519930a21fa6d2ae97ebc407.tar nixpkgs-e5e9887e38da3a34519930a21fa6d2ae97ebc407.tar.gz nixpkgs-e5e9887e38da3a34519930a21fa6d2ae97ebc407.tar.bz2 nixpkgs-e5e9887e38da3a34519930a21fa6d2ae97ebc407.tar.lz nixpkgs-e5e9887e38da3a34519930a21fa6d2ae97ebc407.tar.xz nixpkgs-e5e9887e38da3a34519930a21fa6d2ae97ebc407.tar.zst nixpkgs-e5e9887e38da3a34519930a21fa6d2ae97ebc407.zip | |
nixos/dbus: Add AppArmor support
Diffstat (limited to 'nixos/modules/services/system/dbus.nix')
| -rw-r--r-- | nixos/modules/services/system/dbus.nix | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix index f8d909a4a3c..d4cacb85694 100644 --- a/nixos/modules/services/system/dbus.nix +++ b/nixos/modules/services/system/dbus.nix @@ -11,6 +11,7 @@ let homeDir = "/run/dbus"; configDir = pkgs.makeDBusConf { + inherit (cfg) apparmor; suidHelper = "${config.security.wrapperDir}/dbus-daemon-launch-helper"; serviceDirectories = cfg.packages; }; @@ -51,6 +52,20 @@ in ''; }; + apparmor = mkOption { + type = types.enum [ "enabled" "disabled" "required" ]; + description = '' + AppArmor mode for dbus. + + <literal>enabled</literal> enables mediation when it's + supported in the kernel, <literal>disabled</literal> + always disables AppArmor even with kernel support, and + <literal>required</literal> fails when AppArmor was not found + in the kernel. + ''; + default = "disabled"; + }; + socketActivated = mkOption { type = types.nullOr types.bool; default = null; |