Grimmauld/grimm-nixos-laptop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix pkexec

Browse Source
This commit is contained in:
Grimmauld 2024-10-16 19:39:53 +02:00
parent befdc89ae2
commit ff7e5e76c5
Signed by: Grimmauld
GPG Key ID: C2946668769F91FB
2 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
common/tooling/apparmor/apparmor-d-package.nix
View File

@ -32,6 +32,9 @@ buildGoModule {
DISTRIBUTION=arch $out/bin/prebuild --abi 4 # fixme: replace with nixos support once available DISTRIBUTION=arch $out/bin/prebuild --abi 4 # fixme: replace with nixos support once available
mv .build/apparmor.d $out/etc mv .build/apparmor.d $out/etc
rm $out/etc/apparmor.d/abstractions/authentication.d/complete
rm $out/bin/prebuild rm $out/bin/prebuild
''; '';

8
common/tooling/apparmor/default.nix
View File

@ -6,7 +6,7 @@
}: }:
let let
inherit (config.grimmShared) enable tooling; inherit (config.grimmShared) enable tooling;
inherit (lib) mkIf optionalString getExe' getExe; inherit (lib) mkIf getExe' getExe;
in in
{ {
imports = [ ./apparmor-d-module.nix ]; imports = [ ./apparmor-d-module.nix ];
@ -33,7 +33,7 @@ in
child-open = "enforce"; child-open = "enforce";
firefox-glxtest = "enforce"; firefox-glxtest = "enforce";
gamemoded = "disable"; gamemoded = "disable";
pkexec = "disable"; pkexec = "complain";
xdg-mime = "complain"; xdg-mime = "complain";
mimetype = "complain"; mimetype = "complain";
}; };
@ -82,6 +82,10 @@ in
"abstractions/common/electron.d/libexec" = '' "abstractions/common/electron.d/libexec" = ''
/nix/store/*/libexec/electron/** rix, /nix/store/*/libexec/electron/** rix,
''; '';
"local/pkexec" = ''
capability sys_ptrace,
'';
}; };
security.apparmor.policies = { security.apparmor.policies = {