authorJanne Heß <janne@hess.ooo>2020-11-02 22:11:38 +0100
committerJanne Heß <janne@hess.ooo>2020-11-18 10:10:25 +0100
commit060d20de2415fdb4a9b8d8be18dff4e7e4b7ca06 (patch)
treea3d720714a1e8913c5a17883e5c166c70d297127 /pkgs/development/libraries/dbus
parente949d758998fafbef608adcf9f54d79a6e7da4c8 (diff)
dbus: Enable AppArmor mediation support
Diffstat (limited to 'pkgs/development/libraries/dbus')
-rw-r--r--pkgs/development/libraries/dbus/default.nix8
-rw-r--r--pkgs/development/libraries/dbus/make-dbus-conf.nix5
-rw-r--r--pkgs/development/libraries/dbus/make-session-conf.xsl4
-rw-r--r--pkgs/development/libraries/dbus/make-system-conf.xsl4
4 files changed, 18 insertions, 3 deletions
diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix
index b3723f1b4d2..4480d197fa7 100644
--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -5,6 +5,8 @@
 , expat
 , enableSystemd ? stdenv.isLinux && !stdenv.hostPlatform.isMusl
 , systemd
+, audit
+, libapparmor
 , libX11 ? null
 , libICE ? null
 , libSM ? null
@@ -70,7 +72,8 @@ stdenv.mkDerivation rec {
       libX11
       libICE
       libSM
-    ] ++ lib.optional enableSystemd systemd;
+    ] ++ lib.optional enableSystemd systemd
+    ++ lib.optionals (!stdenv.isDarwin) [ audit libapparmor ];
   # ToDo: optional selinux?
 
   configureFlags = [
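Review bot: The guard `!stdenv.isDarwin` on the new buildInputs line also matches every other non-Linux platform, while AppArmor and libaudit are, as far as I know, Linux kernel facilities. A tighter form would be `++ lib.optionals stdenv.isLinux [ audit libapparmor ];`, and the same condition is repeated in the configureFlags hunk below, where `--enable-apparmor` and `--enable-libaudit` are added. Naming the switch once next to `enableSystemd`, for example `enableApparmor ? stdenv.isLinux`, would keep the two lists in step and give users a way to opt out. The `mkDerivation` body starts and ends outside this hunk.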
@@ -86,7 +89,8 @@ stdenv.mkDerivation rec {
     "--with-system-socket=/run/dbus/system_bus_socket"
     "--with-systemdsystemunitdir=${placeholder ''out''}/etc/systemd/system"
     "--with-systemduserunitdir=${placeholder ''out''}/etc/systemd/user"
-  ] ++ lib.optional (!x11Support) "--without-x";
+  ] ++ lib.optional (!x11Support) "--without-x"
+  ++ lib.optionals (!stdenv.isDarwin) [ "--enable-apparmor" "--enable-libaudit" ];
 
   # Enable X11 autolaunch support in libdbus. This doesn't actually depend on X11
   # (it just execs dbus-launch in dbus.tools), contrary to what the configure script demands.
diff --git a/pkgs/development/libraries/dbus/make-dbus-conf.nix b/pkgs/development/libraries/dbus/make-dbus-conf.nix
index e714b96b7e9..ce5c0b3b577 100644
--- a/pkgs/development/libraries/dbus/make-dbus-conf.nix
+++ b/pkgs/development/libraries/dbus/make-dbus-conf.nix
@@ -1,6 +1,7 @@
 { runCommand, writeText, libxslt, dbus
 , serviceDirectories ? []
 , suidHelper ? "/var/setuid-wrappers/dbus-daemon-launch-helper"
+, apparmor ? "disabled" # one of enabled, disabled, required
 }:
 
 /* DBus has two configuration parsers -- normal and "trivial", which is used
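Review bot: The default `apparmor ? "disabled"` puts an explicit `mode="disabled"` into every generated system.conf and session.conf, so a daemon built with `--enable-apparmor` still does no mediation unless the caller opts in. The comment on that line should say so. It should also record that, per dbus-daemon(1) as I read it, `enabled` silently falls back to no mediation when the kernel lacks AppArmor support, while `required` makes the bus refuse to start; please confirm against the packaged version. The value is also never checked, so a typo reaches the config file and only surfaces when the daemon parses it. Adding `assert builtins.elem apparmor [ "enabled" "disabled" "required" ];` after the argument set would fail at evaluation time instead. The `runCommand` body it would precede lies in the following hunks.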
@@ -10,7 +11,7 @@
  */
 runCommand "dbus-1"
   {
-    inherit serviceDirectories suidHelper;
+    inherit serviceDirectories suidHelper apparmor;
     preferLocalBuild = true;
     allowSubstitutes = false;
     XML_CATALOG_FILES = writeText "dbus-catalog.xml" ''
@@ -33,10 +34,12 @@ runCommand "dbus-1"
     xsltproc --nonet \
       --stringparam serviceDirectories "$serviceDirectories" \
       --stringparam suidHelper "$suidHelper" \
+      --stringparam apparmor "$apparmor" \
       ${./make-system-conf.xsl} ${dbus}/share/dbus-1/system.conf \
       > $out/system.conf
     xsltproc --nonet \
       --stringparam serviceDirectories "$serviceDirectories" \
+      --stringparam apparmor "$apparmor" \
       ${./make-session-conf.xsl} ${dbus}/share/dbus-1/session.conf \
       > $out/session.conf
   ''
diff --git a/pkgs/development/libraries/dbus/make-session-conf.xsl b/pkgs/development/libraries/dbus/make-session-conf.xsl
index 6a19ee14a22..a744905cdd3 100644
--- a/pkgs/development/libraries/dbus/make-session-conf.xsl
+++ b/pkgs/development/libraries/dbus/make-session-conf.xsl
@@ -15,12 +15,16 @@
   <xsl:output method='xml' encoding="UTF-8" doctype-system="busconfig.dtd" />
 
   <xsl:param name="serviceDirectories" />
+  <xsl:param name="apparmor" />
 
   <xsl:template match="/busconfig">
     <busconfig>
       <!-- We leave <standard_session_servicedirs/> because it includes XDG dirs and therefore user Nix profile. -->
       <xsl:copy-of select="child::node()[name() != 'include' and name() != 'servicedir' and name() != 'includedir']" />
 
+      <!-- configure AppArmor -->
+      <apparmor mode="{$apparmor}"/>
+
       <xsl:for-each select="str:tokenize($serviceDirectories)">
         <servicedir><xsl:value-of select="." />/share/dbus-1/services</servicedir>
         <includedir><xsl:value-of select="." />/etc/dbus-1/session.d</includedir>
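Review bot: The `xsl:copy-of` filter just above the new `<apparmor mode="{$apparmor}"/>` does not exclude `apparmor`. If the upstream session.conf ever ships its own `<apparmor>` element, the output will contain two, possibly with conflicting modes. Appending `and name() != 'apparmor'` to the `select` would make the generated element the only one. The same applies to the identical insertion in make-system-conf.xsl. If the stylesheet is run without the parameter it emits `mode=""`, and how dbus-daemon treats that is not visible here; the template continues past this hunk.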
diff --git a/pkgs/development/libraries/dbus/make-system-conf.xsl b/pkgs/development/libraries/dbus/make-system-conf.xsl
index dd644b4bce7..06233e764e1 100644
--- a/pkgs/development/libraries/dbus/make-system-conf.xsl
+++ b/pkgs/development/libraries/dbus/make-system-conf.xsl
@@ -16,11 +16,15 @@
 
   <xsl:param name="serviceDirectories" />
   <xsl:param name="suidHelper" />
+  <xsl:param name="apparmor" />
 
   <xsl:template match="/busconfig">
     <busconfig>
       <xsl:copy-of select="child::node()[name() != 'include' and name() != 'standard_system_servicedirs' and name() != 'servicehelper' and name() != 'servicedir' and name() != 'includedir']" />
 
+      <!-- configure AppArmor -->
+      <apparmor mode="{$apparmor}"/>
+
       <!-- set suid helper -->
       <servicehelper><xsl:value-of select="$suidHelper" /></servicehelper>