nixpkgs/modules/security/apparmor.nix
2012-07-22 16:31:49 +03:00


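# NixOS module for AppArmor.
#
# Declares `security.apparmor.enable` and `security.apparmor.profiles`.
# When enabled, it defines an `apparmor` job whose pre-start script passes
# every listed profile to apparmor_parser.
{pkgs, config, ...}:

let

  cfg = config.security.apparmor;

in

with pkgs.lib;

{

  ###### interface

  options = {

    security.apparmor = {

      enable = mkOption {
        default = false;
        description = ''
          Enable AppArmor application security system
        '';
      };

      profiles = mkOption {
        default = [];
        # Definitions coming from several modules are combined with
        # mergeListOption, so each module can contribute its own profiles.
        merge = mergeListOption;
        description = ''
          List of file names of AppArmor profiles.
        '';
      };

    };

  };

  ###### implementation

  config = mkIf (cfg.enable) {

    jobs.apparmor =
      { startOn = "startup";

        path = [ pkgs.apparmor ];

        # One apparmor_parser call per configured profile:
        #   --replace  load the profile, or replace it if a profile of the
        #              same name is already in the kernel. The parser's
        #              default action (add) reports an error in that case,
        #              so a second start of this job would fail to load any
        #              profile left over from the first start.
        #   -K         skip the profile cache
        #   -v         verbose output
        #   -I         include directory for the abstractions shipped with
        #              the apparmor package
        # The profile value is placed inside a double-quoted shell word; it
        # comes from the system configuration, not from runtime input.
        # NOTE(review): confirm that a non-zero exit from apparmor_parser
        # aborts the job. If it does not, a profile that fails to parse
        # leaves its program unconfined with nothing but a log line.
        # NOTE(review): loading presumably requires a kernel with AppArmor
        # enabled; this module does not check for it.
        preStart = concatMapStrings (profile: ''
          apparmor_parser --replace -Kv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}"
        '') cfg.profiles;

        # Deliberately empty: profiles stay loaded when the job stops.
        # Removing them here would lift confinement from processes that are
        # still running under those profiles.
        postStop = ''
        '';
      };

  };

}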