Diffstat (limited to 'nixos/modules/security/apparmor.nix')
-rw-r--r--nixos/modules/security/apparmor.nix24
1 files changed, 12 insertions, 12 deletions
diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix
index c4eca453254..0d858a45856 100644
--- a/nixos/modules/security/apparmor.nix
+++ b/nixos/modules/security/apparmor.nix
@@ -7,7 +7,7 @@ let
   inherit (lib) types;
   inherit (config.environment) etc;
   cfg = config.security.apparmor;
-  mkDisableOption = name: mkEnableOption name // {
+  mkDisableOption = name: mkEnableOption (lib.mdDoc name) // {
     default = true;
     example = false;
   };
@@ -24,7 +24,7 @@ in
 
   options = {
     security.apparmor = {
-      enable = mkEnableOption ''
+      enable = mkEnableOption (lib.mdDoc ''
         the AppArmor Mandatory Access Control system.
 
         If you're enabling this module on a running system,
@@ -38,9 +38,9 @@ in
         introducing for the first time an AppArmor profile for the executable
         of a running process.
 
-        Enable <xref linkend="opt-security.apparmor.killUnconfinedConfinables"/>
+        Enable [](#opt-security.apparmor.killUnconfinedConfinables)
         if you want this service to do such killing
-        by sending a <literal>SIGTERM</literal> to those running processes'';
+        by sending a `SIGTERM` to those running processes'');
       policies = mkOption {
         description = lib.mdDoc ''
           AppArmor policies.
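Review bot: The converted `enable` description still points to `killUnconfinedConfinables` as the way to deal with already-running processes, but a `SIGTERM` can be caught or ignored, so a process may keep running unconfined after it has been signalled. The same wording is carried into the `killUnconfinedConfinables` description in the last hunk ("only sending a gracious `SIGTERM` ... not a `SIGKILL`"), where "gracious" presumably means "graceful". Since both texts are being rewritten anyway, I would add a sentence such as `Processes that ignore SIGTERM stay unconfined until they are restarted; verify with aa-status.` to the option text. The `enable` description begins in the previous hunk and its middle lines are not shown, and the service's implementation is not visible in this diff, so this rests on the option text alone.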
@@ -72,23 +72,23 @@ in
         default = [];
         description = lib.mdDoc "List of packages to be added to AppArmor's include path";
       };
-      enableCache = mkEnableOption ''
+      enableCache = mkEnableOption (lib.mdDoc ''
         caching of AppArmor policies
-        in <literal>/var/cache/apparmor/</literal>.
+        in `/var/cache/apparmor/`.
 
         Beware that AppArmor policies almost always contain Nix store paths,
         and thus produce at each change of these paths
-        a new cached version accumulating in the cache'';
-      killUnconfinedConfinables = mkEnableOption ''
+        a new cached version accumulating in the cache'');
+      killUnconfinedConfinables = mkEnableOption (lib.mdDoc ''
         killing of processes which have an AppArmor profile enabled
-        (in <xref linkend="opt-security.apparmor.policies"/>)
+        (in [](#opt-security.apparmor.policies))
         but are not confined (because AppArmor can only confine new processes).
 
-        This is only sending a gracious <literal>SIGTERM</literal> signal to the processes,
-        not a <literal>SIGKILL</literal>.
+        This is only sending a gracious `SIGTERM` signal to the processes,
+        not a `SIGKILL`.
 
         Beware that due to a current limitation of AppArmor,
-        only profiles with exact paths (and no name) can enable such kills'';
+        only profiles with exact paths (and no name) can enable such kills'');
     };
   };