0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 13:40:28 +03:00

Revert "Revert "apparmor: fix and improve the service""

This reverts commit 420f89ceb2.
This commit is contained in:
Julien Moutinho 2020-10-18 15:36:24 +02:00
parent d239bc3643
commit 05d334cfe2
20 changed files with 805 additions and 164 deletions

View file

@ -97,11 +97,17 @@ in {
# does a bunch of unrelated things.
systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];
security.apparmor.packages = [ cfg.lxcPackage ];
security.apparmor.profiles = [
"${cfg.lxcPackage}/etc/apparmor.d/lxc-containers"
"${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start"
];
security.apparmor = {
packages = [ cfg.lxcPackage ];
policies = {
"bin.lxc-start".profile = ''
include ${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start
'';
"lxc-containers".profile = ''
include ${cfg.lxcPackage}/etc/apparmor.d/lxc-containers
'';
};
};
# TODO: remove once LXD gets proper support for cgroupsv2
# (currently most of the e.g. CPU accounting stuff doesn't work)