Compare commits
No commits in common. "d6e4ce8850230b52fdd660ec6e46fd7bc34bcd67" and "b10ee3bf29fb5f5c4f6effcb8cb7124496453ef9" have entirely different histories.
d6e4ce8850
...
b10ee3bf29
4 changed files with 0 additions and 86 deletions
|
@ -1,15 +0,0 @@
|
||||||
diff --git a/apparmor.d/tunables/multiarch.d/system b/apparmor.d/tunables/multiarch.d/system
|
|
||||||
index be37123f..1d61a671 100644
|
|
||||||
--- a/apparmor.d/tunables/multiarch.d/system
|
|
||||||
+++ b/apparmor.d/tunables/multiarch.d/system
|
|
||||||
@@ -106,8 +106,8 @@
|
|
||||||
@{MOUNTS}=@{MOUNTDIRS}/*/ @{run}/user/@{uid}/gvfs/
|
|
||||||
|
|
||||||
# Common places for binaries and libraries across distributions
|
|
||||||
-@{bin}=/{,usr/}{,s}bin
|
|
||||||
-@{lib}=/{,usr/}lib{,exec,32,64}
|
|
||||||
+@{bin}=/nix/store/*/bin
|
|
||||||
+@{lib}=/nix/store/*/lib
|
|
||||||
|
|
||||||
# Common places for temporary files
|
|
||||||
@{tmp}=/tmp/ /tmp/user/@{uid}/
|
|
|
@ -1,24 +0,0 @@
|
||||||
{ stdenv, fetchFromGitHub }:
|
|
||||||
stdenv.mkDerivation rec {
|
|
||||||
pname = "apparmor-d";
|
|
||||||
version = "unstable-2024-10-12";
|
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
|
||||||
rev = "116272b8ada281178150f1c9a564aac1967121f6";
|
|
||||||
owner = "roddhjav";
|
|
||||||
repo = "apparmor.d";
|
|
||||||
hash = "sha256-Yx9UJdmBqjMSPVwFyvidQXfQ4pdEKaDMfvi7gF6GSVc=";
|
|
||||||
};
|
|
||||||
|
|
||||||
doCheck = false;
|
|
||||||
dontBuild = true;
|
|
||||||
|
|
||||||
patches = [
|
|
||||||
./apparmor-d-paths.patch
|
|
||||||
];
|
|
||||||
|
|
||||||
installPhase = ''
|
|
||||||
mkdir -p $out/etc
|
|
||||||
cp -r apparmor.d $out/etc
|
|
||||||
'';
|
|
||||||
}
|
|
|
@ -1,46 +0,0 @@
|
||||||
{
|
|
||||||
pkgs,
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
let
|
|
||||||
inherit (config.grimmShared) enable tooling;
|
|
||||||
inherit (lib) mkIf;
|
|
||||||
apparmor-d = pkgs.callPackage ./apparmor-d.nix {};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
config = mkIf (enable && tooling.enable) {
|
|
||||||
services.dbus.apparmor = "enabled";
|
|
||||||
security.auditd.enable = true;
|
|
||||||
|
|
||||||
security.apparmor.packages = [ apparmor-d ];
|
|
||||||
security.apparmor.enable = true;
|
|
||||||
|
|
||||||
security.apparmor.includes = {
|
|
||||||
"local/vesktop" = ''
|
|
||||||
# @{lib}/libdl.so* mr,
|
|
||||||
# @{lib}/libglapi.so* mr,
|
|
||||||
# @{lib}/libc.so* mr,
|
|
||||||
# @{lib}/pluseaudio/** mr,
|
|
||||||
|
|
||||||
@{bin}/electron rix,
|
|
||||||
/nix/store/*/libexec/electron/** rix,
|
|
||||||
|
|
||||||
/nix/store/*/bin/** mr,
|
|
||||||
/nix/store/*/lib/** mr,
|
|
||||||
/nix/store/** r,
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
security.apparmor.policies = {
|
|
||||||
vesktop = {
|
|
||||||
enable = true;
|
|
||||||
enforce = true;
|
|
||||||
profile = ''
|
|
||||||
include "${apparmor-d}/etc/apparmor.d/profiles-s-z/vesktop"
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -28,7 +28,6 @@ in
|
||||||
./java.nix
|
./java.nix
|
||||||
./opensnitch
|
./opensnitch
|
||||||
./ranger.nix
|
./ranger.nix
|
||||||
./apparmor
|
|
||||||
];
|
];
|
||||||
|
|
||||||
config = mkIf (enable && tooling.enable) {
|
config = mkIf (enable && tooling.enable) {
|
||||||
|
|