Revert "Revert "apparmor: fix and improve the service""
This reverts commit 420f89ceb2.
parent
d239bc3643
commit
05d334cfe2
20 changed files with 805 additions and 164 deletions
|
@ -97,11 +97,17 @@ in {
|
|||
# does a bunch of unrelated things.
|
||||
systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];
|
||||
|
||||
security.apparmor.packages = [ cfg.lxcPackage ];
|
||||
security.apparmor.profiles = [
|
||||
"${cfg.lxcPackage}/etc/apparmor.d/lxc-containers"
|
||||
"${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start"
|
||||
];
|
||||
security.apparmor = {
|
||||
packages = [ cfg.lxcPackage ];
|
||||
policies = {
|
||||
"bin.lxc-start".profile = ''
|
||||
include ${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start
|
||||
'';
|
||||
"lxc-containers".profile = ''
|
||||
include ${cfg.lxcPackage}/etc/apparmor.d/lxc-containers
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# TODO: remove once LXD gets proper support for cgroupsv2
|
||||
# (currently most of the e.g. CPU accounting stuff doesn't work)
|
||||
|
|
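Review bot: The policy key `"bin.lxc-start"` does not match the profile file it wraps, `usr.bin.lxc-start`, whereas `"lxc-containers"` does match its file, so someone auditing the loaded profiles by the upstream name may miss it. Either align the key with the file name, if nothing else depends on the current key, or add a comment such as `# key intentionally differs from the upstream file name usr.bin.lxc-start` above it. Neither policy says whether it is loaded in enforce or complain mode, so the confinement of lxc-start rests on module defaults that this hunk does not show. If the policy submodule offers such a switch, setting it explicitly here would make the intended mode reviewable. The enclosing attribute set starts and ends outside the hunk.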