apparmor: fix and improve the service

2025-07-14 14:10:33 +03:00 · 2020-08-08 02:01:35 +02:00 · 2020-08-08 02:01:35 +02:00 · fb6d63f3fd
commit fb6d63f3fd
parent 539ae5c932
20 changed files with 793 additions and 164 deletions
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@ -179,6 +179,14 @@ in
      export PATH="${wrapperDir}:$PATH"
    '';

+    security.apparmor.includes."nixos/security.wrappers" = ''
+      include "${pkgs.apparmorRulesFromClosure {} [
+        securityWrapper
+        pkgs.stdenv.cc.cc
+        pkgs.stdenv.cc.libc
+      ]}"
+    '';
+
    ###### setcap activation script
    system.activationScripts.wrappers =
      lib.stringAfter [ "specialfs" "users" ]