author | Julien Moutinho <julm+nixpkgs@sourcephile.fr> | 2020-08-08 02:01:35 +0200 |
---|---|---|
committer | Julien Moutinho <julm+nixpkgs@sourcephile.fr> | 2020-09-06 07:43:03 +0200 |
commit | fb6d63f3fdd95a5468d43a0693c8ca7c1894363f (patch) | |
tree | 44edb88b751700b3e611999eb2998b6b518adb71 /pkgs/tools/networking/inetutils/default.nix | |
parent | 539ae5c93299cadc0664cfff2ffc69a9386caf6d (diff) | |
apparmor: fix and improve the service
Diffstat (limited to 'pkgs/tools/networking/inetutils/default.nix')
-rw-r--r-- | pkgs/tools/networking/inetutils/default.nix | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/pkgs/tools/networking/inetutils/default.nix b/pkgs/tools/networking/inetutils/default.nix
index 1290ec2bdb1..bcc4237f434 100644
--- a/pkgs/tools/networking/inetutils/default.nix
+++ b/pkgs/tools/networking/inetutils/default.nix
@@ -1,4 +1,6 @@
-{ stdenv, lib, fetchurl, ncurses, perl, help2man }:
+{ stdenv, lib, fetchurl, ncurses, perl, help2man
+, apparmorRulesFromClosure
+}:
 stdenv.mkDerivation rec {
 name = "inetutils-1.9.4";
@@ -8,6 +10,8 @@ stdenv.mkDerivation rec {
 sha256 = "05n65k4ixl85dc6rxc51b1b732gnmm8xnqi424dy9f1nz7ppb3xy";
 };
+ outputs = ["out" "apparmor"];
+
 patches = [
 ./whois-Update-Canadian-TLD-server.patch
 ./service-name.patch
@@ -41,6 +45,22 @@ stdenv.mkDerivation rec {
 installFlags = [ "SUIDMODE=" ];
+ postInstall = ''
+ install -D /dev/stdin $apparmor/bin.ping <<EOF
+ $out/bin/ping {
+ include <abstractions/base>
+ include <abstractions/consoles>
+ include <abstractions/nameservice>
+ include "${apparmorRulesFromClosure {} [stdenv.cc.libc]}"
+ include <local/bin.ping>
+ capability net_raw,
+ network inet raw,
+ network inet6 raw,
+ mr $out/bin/ping,
+ }
+ EOF
+ '';
+
 meta = with lib; {
 description = "Collection of common network programs";
 |
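Review bot: In the third hunk, the profile written by `postInstall` pulls in `include <local/bin.ping>` unconditionally, so if that site-local file is absent when the profile is parsed, the load would presumably fail and `$out/bin/ping` would run unconfined. Either confirm that the service always creates that file, or use `include if exists <local/bin.ping>` where the packaged AppArmor parser supports that form. The profile allows only raw sockets (`capability net_raw`, `network inet raw`, `network inet6 raw`), so a comment above the heredoc such as `# AppArmor profile for ping: raw ICMP sockets only; libc closure rules come from apparmorRulesFromClosure` would tell maintainers what to revisit if ping's socket handling changes. The same comment should say that `<<EOF` is left unquoted on purpose so the shell expands `$out` and `$apparmor`, because quoting it later would silently emit a profile with literal variable names that matches no binary.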