AppArmor: packaged

12 years ago · 4549bad2f4
parent 8bde72d99c
commit 4549bad2f4
2 changed files with 53 additions and 0 deletions
--- a/modules/module-list.nix
+++ b/modules/module-list.nix
@ -47,6 +47,7 @@
  ./programs/ssmtp.nix
  ./programs/wvdial.nix
  ./rename.nix
+  ./security/apparmor.nix
  ./security/ca.nix
  ./security/consolekit.nix
  ./security/pam.nix
--- a/modules/security/apparmor.nix
+++ b/modules/security/apparmor.nix
@ -0,0 +1,52 @@
+{pkgs, config, ...}:
+let
+  cfg = config.security.apparmor;
+in
+with pkgs.lib;
+{
+
+  ###### interface
+
+  options = {
+
+    security.apparmor = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Enable AppArmor application security system
+        '';
+      };
+
+      profiles = mkOption {
+        default = [];
+	merge = mergeListOption;
+        description = ''
+	  List of file names of AppArmor profiles.
+	'';
+      };
+
+    };
+  };
+
+
+  ###### implementation
+
+  config = mkIf (cfg.enable) {
+
+    jobs.apparmor =
+      { startOn = "startup";
+
+	path = [ pkgs.apparmor ];
+
+        preStart = concatMapStrings (profile: ''
+          apparmor_parser -Kv -I ${pkgs.apparmor}/etc/apparmor.d/ "${profile}"
+        '') cfg.profiles;
+
+	postStop = ''
+	'';
+      };
+
+  };
+
+}