Diffstat (limited to 'nixos/modules/config/malloc.nix')
-rw-r--r--nixos/modules/config/malloc.nix9
1 files changed, 8 insertions, 1 deletions
diff --git a/nixos/modules/config/malloc.nix b/nixos/modules/config/malloc.nix
index 31a659ee83f..fc35993b5a8 100644
--- a/nixos/modules/config/malloc.nix
+++ b/nixos/modules/config/malloc.nix
@@ -23,7 +23,7 @@ let
     };
 
     scudo = {
-      libPath = "${pkgs.llvmPackages.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
+      libPath = "${pkgs.llvmPackages_latest.compiler-rt}/lib/linux/libclang_rt.scudo-x86_64.so";
       description = ''
         A user-mode allocator based on LLVM Sanitizer’s CombinedAllocator,
         which aims at providing additional mitigations against heap based
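Review bot: The new `libPath` still hard-codes the file name `libclang_rt.scudo-x86_64.so` but now resolves it inside `llvmPackages_latest`, so the path written to the system-wide preload file changes with every LLVM bump in the package set. If a newer compiler-rt renames or drops that library, or the host is not x86_64, the preload entry would point at a missing file and processes would presumably start without the hardening allocator, with little more than a loader warning. A comment above the line would flag this for whoever bumps LLVM, for example `# x86_64-only; file name depends on compiler-rt's layout, re-check after LLVM updates`. A platform check on the provider would turn the silent case into an evaluation error. The `scudo` attribute set continues past the end of this hunk.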
@@ -87,5 +87,12 @@ in
     environment.etc."ld-nix.so.preload".text = ''
       ${providerLibPath}
     '';
+    security.apparmor.includes = {
+      "abstractions/base" = ''
+        r /etc/ld-nix.so.preload,
+        r ${config.environment.etc."ld-nix.so.preload".source},
+        mr ${providerLibPath},
+      '';
+    };
   };
 }
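Review bot: The added `security.apparmor.includes."abstractions/base"` block has no comment explaining why three separate rules are needed, and the reason is not obvious from the paths. I would add above it something like `# The dynamic loader reads ld-nix.so.preload in every process; AppArmor checks the resolved store path as well as the /etc symlink, and the allocator library itself must be mappable.` The `mr` rule covers only `${providerLibPath}`. If a provider's shared object pulls in store libraries that the base abstraction does not already allow, confined programs would fail to load it, so the note should say this was checked for each provider. The enclosing `config` block starts outside the hunk, so it is not visible whether these rules are only emitted when a non-default provider is selected.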