MirrorHub/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-16 06:45:16 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge pull request #61306 from joachifm/feat/fix-apparmor-boot-linux_5_1

Browse source 
Fix apparmor boot on linux 5.1
This commit is contained in:
Joachim F 2019-05-12 15:17:38 +00:00 committed by GitHub
commit 428ddf0619
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 12 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/security/apparmor.nix
View file

@ -29,6 +29,8 @@ in
config = mkIf cfg.enable {
environment.systemPackages = [ pkgs.apparmor-utils ];
boot.kernelParams = [ "apparmor=1" "security=apparmor" ];
systemd.services.apparmor = let
paths = concatMapStrings (s: " -I ${s}/etc/apparmor.d")
([ pkgs.apparmor-profiles ] ++ cfg.packages);

10
nixos/tests/hardened.nix
View file

@ -30,6 +30,16 @@ import ./make-test.nix ({ pkgs, ...} : {
''
$machine->waitForUnit("multi-user.target");
subtest "apparmor-loaded", sub {
$machine->succeed("systemctl status apparmor.service");
};
# AppArmor securityfs
subtest "apparmor-securityfs", sub {
$machine->succeed("mountpoint -q /sys/kernel/security");
$machine->succeed("cat /sys/kernel/security/apparmor/profiles");
};
# Test loading out-of-tree modules
subtest "extra-module-packages", sub {
$machine->succeed("grep -Fq wireguard /proc/modules");