diff --git a/common/tooling/apparmor/apparmor-d-paths.patch b/common/tooling/apparmor/apparmor-d-paths.patch
index 04b8d69..0e1dd3b 100644
--- a/common/tooling/apparmor/apparmor-d-paths.patch
+++ b/common/tooling/apparmor/apparmor-d-paths.patch
@@ -1,14 +1,24 @@
 diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system
-index be37123f..6490e311 100644
+index be37123f..81ac4f20 100644
 --- a/apparmor.d/tunables/multiarch.d/system
 +++ b/apparmor.d/tunables/multiarch.d/system
-@@ -106,8 +106,9 @@
+@@ -106,8 +106,19 @@
  @{MOUNTS}=@{MOUNTDIRS}/*/ @{run}/user/@{uid}/gvfs/
  # Common places for binaries and libraries across distributions
 -@{bin}=/{,usr/}{,s}bin
 -@{lib}=/{,usr/}lib{,exec,32,64}
-+@{base_paths} = /nix/store/* /etc/profiles/per-user/* /run/current-system/sw
++@{package1}={@{w},.,-}
++@{package2}=@{package1}@{package1}
++@{package4}=@{package2}@{package2}
++@{package8}=@{package4}@{package4}
++@{package16}=@{package8}@{package8}
++@{package32}=@{package16}@{package16}
++@{package64}=@{package32}@{package32}
++@{nix_package_name}={@{package64},}{@{package32},}{@{package16},}{@{package8},}{@{package4},}{@{package2},}{@{package1},}
++
++@{nix_store}=/nix/store/@{rand32}-@{nix_package_name}
++@{base_paths}=@{nix_store} /etc/profiles/per-user/@{user} /run/current-system/sw
 +@{bin}=@{base_paths}/bin /{,usr/}{,s}bin
 +@{lib}=@{base_paths}/lib
diff --git a/common/tooling/apparmor/default.nix b/common/tooling/apparmor/default.nix
index d5b058f..8c37dc4 100644
--- a/common/tooling/apparmor/default.nix
+++ b/common/tooling/apparmor/default.nix
@@ -35,7 +35,8 @@ in
 gamemoded = "disable";
 pkexec = "complain";
 xdg-mime = "complain";
- mimetype = "complain";
+ mimetype = "complain";
+ sudo = "complain";
 };
 };
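Review bot: The character class that `@{nix_package_name}` is built from, `@{package1}={@{w},.,-}`, is narrower than what Nix permits in a store path name (letters, digits and `+ - . _ ? =`), so a store path such as one for `libstdc++` or any package whose name contains `+` no longer matches `@{nix_store}`, while the previous `/nix/store/*` did match it; every profile that relies on `@{bin}` or `@{lib}` would then log DENIED for binaries and libraries under those paths. Whether `_` is covered depends on the upstream definition of `@{w}`, which is outside this hunk, and `@{rand32}` is likewise assumed to be the upstream 32-alphanumeric-character tunable. Adding the missing literal at least for the common case, `@{package1}={@{w},.,-,+}`, closes most of the gap; `?` and `=` are rarer in practice and `?` would need to be spelled so the parser does not read it as a single-character wildcard. The doubling chain caps the matched name at 127 characters, which is presumably enough for real packages but is a silent cut-off rather than an error, and since `@{nix_package_name}` is expanded textually into every rule that references `@{bin}` or `@{lib}`, policy compile time is worth measuring before and after this change.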
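Review bot: `sudo = "complain";` registers a profile for a setuid-root binary in audit-only mode, so until it is switched to enforce it logs policy violations but confines nothing. A comment on the line recording why it starts in complain mode and what must hold before it is promoted would keep the exception from becoming permanent, e.g. `sudo = "complain"; # audit-only while the profile is validated; switch to enforce once the log shows no DENIED entries`. The attribute set this line belongs to starts outside the hunk.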