nixos/security: init lsm option

Tristan Ross 2025-04-03 13:44:52 -07:00
parent 10214747f5
commit b8402295a4
No known key found for this signature in database
GPG key ID: B09C422035669AF8
2 changed files with 29 additions and 0 deletions


@ -366,6 +366,7 @@
./security/auditd.nix
./security/ca.nix
./security/chromium-suid-sandbox.nix
./security/default.nix
./security/dhparams.nix
./security/doas.nix
./security/duosec.nix


@ -0,0 +1,28 @@
{ config, lib, ... }:
let
cfg = config.security;
in
{
options = {
security.lsm = lib.mkOption {
type = lib.types.uniq (lib.types.listOf lib.types.str);
default = [ ];
description = ''
A list of the LSMs to initialize in order.
'';
};
};
config = lib.mkIf (lib.lists.length cfg.lsm > 0) {
assertions = [
{
assertion = builtins.length (lib.filter (lib.hasPrefix "security=") config.boot.kernelParams) == 0;
message = "security parameter in boot.kernelParams cannot be used when security.lsm is used";
}
];
boot.kernelParams = [
"lsm=${lib.concatStringsSep "," cfg.lsm}"
];
};
}
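Review bot: The assertion at `assertion = builtins.length (lib.filter (lib.hasPrefix "security=") ...` rejects a user-supplied `security=` parameter but not a second `lsm=` entry, so a `boot.kernelParams = [ "lsm=..." ]` defined elsewhere merges with the one this module adds and the kernel receives two conflicting `lsm=` values. Because the merged `config.boot.kernelParams` already contains this module's own entry, the check has to allow exactly one occurrence, e.g. `assertion = lib.count (lib.hasPrefix "lsm=") config.boot.kernelParams == 1 && !lib.any (lib.hasPrefix "security=") config.boot.kernelParams;`, which also replaces the `builtins.length (lib.filter ...) == 0` idiom. The element type `lib.types.str` accepts values containing commas or spaces, which `concatStringsSep ","` splices verbatim into the `lsm=` value; a constrained type such as `lib.types.strMatching "[A-Za-z0-9_]+"` (constructed pattern) would surface such a mistake at evaluation time rather than on the kernel command line. The `lib.types.uniq` wrapper means only one module may define `security.lsm`, which the description should state, e.g. `Only one definition is allowed; the list is passed to the kernel as the lsm= parameter.`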