Diffstat (limited to 'nixos/modules/security/apparmor/profiles.nix')
-rw-r--r--nixos/modules/security/apparmor/profiles.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/nixos/modules/security/apparmor/profiles.nix b/nixos/modules/security/apparmor/profiles.nix
new file mode 100644
index 00000000000..8eb630b5a48
--- /dev/null
+++ b/nixos/modules/security/apparmor/profiles.nix
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+let apparmor = config.security.apparmor; in
+{
+config.security.apparmor.packages = [ pkgs.apparmor-profiles ];
+config.security.apparmor.policies."bin.ping".profile = lib.mkIf apparmor.policies."bin.ping".enable ''
+  include "${pkgs.iputils.apparmor}/bin.ping"
+  include "${pkgs.inetutils.apparmor}/bin.ping"
+  # Note that including those two profiles in the same profile
+  # would not work if the second one were to re-include <tunables/global>.
+'';
+}
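Review bot: The two `include` lines inside the `bin.ping` profile string pull the profiles from both `pkgs.iputils.apparmor` and `pkgs.inetutils.apparmor` into one policy text, and the comment below them says this stops parsing if the second file ever re-includes `<tunables/global>`. Nothing in this file catches that at build time, so an upstream change to either packaged profile would presumably only show up when the policy is loaded, and a policy that fails to load would leave ping unconfined. If the `policies` option accepts arbitrary names and each entry is parsed on its own (the option definition is outside this diff), one entry per package removes the coupling, e.g. `config.security.apparmor.policies."bin.ping.iputils".profile = ''include "${pkgs.iputils.apparmor}/bin.ping"'';` and the same for inetutils. Otherwise, running the AppArmor parser over the generated policy during the build would turn the documented caveat into a checked one. The caveat also sits inside the `''` string, so it is written into the generated profile; a Nix comment above the assignment would keep it in the module source only.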