diff options
author | Austin Seipp <aseipp@pobox.com> | 2014-05-07 17:59:29 -0500 |
---|---|---|
committer | Austin Seipp <aseipp@pobox.com> | 2014-05-17 14:09:09 -0500 |
commit | 92abc4c61088c561a0060219cc95da5eaf79a857 (patch) | |
tree | e6a361b86b448580f7d20cdde501a9feb9799408 /nixos/modules/security/apparmor.nix | |
parent | 3efdeef6a31dca9dc7e76afd575fa43e78d6afea (diff) | |
download | nixlib-92abc4c61088c561a0060219cc95da5eaf79a857.tar nixlib-92abc4c61088c561a0060219cc95da5eaf79a857.tar.gz nixlib-92abc4c61088c561a0060219cc95da5eaf79a857.tar.bz2 nixlib-92abc4c61088c561a0060219cc95da5eaf79a857.tar.lz nixlib-92abc4c61088c561a0060219cc95da5eaf79a857.tar.xz nixlib-92abc4c61088c561a0060219cc95da5eaf79a857.tar.zst nixlib-92abc4c61088c561a0060219cc95da5eaf79a857.zip |
kernel: enable AppArmor by default
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order to work properly (with the minor catch grsecurity -stable includes the 3.2 patches.) This adds them to the kernel builds by default, removes features.apparmor (since it's always true) and makes it the default MAC system. Signed-off-by: Austin Seipp <aseipp@pobox.com>
Diffstat (limited to 'nixos/modules/security/apparmor.nix')
-rw-r--r-- | nixos/modules/security/apparmor.nix | 7 |
1 files changed, 0 insertions, 7 deletions
diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix index da7c93beee98..f29e7a5ad818 100644 --- a/nixos/modules/security/apparmor.nix +++ b/nixos/modules/security/apparmor.nix @@ -23,13 +23,6 @@ in }; config = mkIf cfg.enable { - assertions = - [ { assertion = config.boot.kernelPackages.kernel.features ? apparmor - && config.boot.kernelPackages.kernel.features.apparmor; - message = "Your selected kernel does not have AppArmor support"; - } - ]; - environment.systemPackages = [ pkgs.apparmor ]; systemd.services.apparmor = { wantedBy = [ "local-fs.target" ]; |