diff options
| author | Jaka Hudoklin <jakahudoklin@gmail.com> | 2015-08-29 18:59:53 +0200 |
|---|---|---|
| committer | Jaka Hudoklin <jakahudoklin@gmail.com> | 2015-08-29 18:59:53 +0200 |
| commit | c7bb64cb978ba0da420eb93b07556b79e65ddd44 (patch) | |
| tree | b9d054aa438569e21903026944b2db62aca02ebe /nixos/modules/security/pam.nix | |
| parent | ed63e186523397aba396c29bba3c8823457f31b9 (diff) | |
| parent | 2e0933787bff6772a698a3e8e8f3c93cb2bb7370 (diff) | |
| download | nixlib-c7bb64cb978ba0da420eb93b07556b79e65ddd44.tar nixlib-c7bb64cb978ba0da420eb93b07556b79e65ddd44.tar.gz nixlib-c7bb64cb978ba0da420eb93b07556b79e65ddd44.tar.bz2 nixlib-c7bb64cb978ba0da420eb93b07556b79e65ddd44.tar.lz nixlib-c7bb64cb978ba0da420eb93b07556b79e65ddd44.tar.xz nixlib-c7bb64cb978ba0da420eb93b07556b79e65ddd44.tar.zst nixlib-c7bb64cb978ba0da420eb93b07556b79e65ddd44.zip | |
Merge pull request #7344 from joachifm/apparmor-pam
nixos: add AppArmor PAM support
Diffstat (limited to 'nixos/modules/security/pam.nix')
| -rw-r--r-- | nixos/modules/security/pam.nix | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/nixos/modules/security/pam.nix b/nixos/modules/security/pam.nix index 0aa8ee0da828..474b93b4984d 100644 --- a/nixos/modules/security/pam.nix +++ b/nixos/modules/security/pam.nix @@ -192,6 +192,16 @@ let description = "Whether to log authentication failures in <filename>/var/log/faillog</filename>."; }; + enableAppArmor = mkOption { + default = false; + type = types.bool; + description = '' + Enable support for attaching AppArmor profiles at the + user/group level, e.g., as part of a role based access + control scheme. + ''; + }; + text = mkOption { type = types.nullOr types.lines; description = "Contents of the PAM service file."; @@ -294,6 +304,8 @@ let "session optional ${pkgs.pam}/lib/security/pam_motd.so motd=${motd}"} ${optionalString cfg.pamMount "session optional ${pkgs.pam_mount}/lib/security/pam_mount.so"} + ${optionalString (cfg.enableAppArmor && config.security.apparmor.enable) + "session optional ${pkgs.apparmor-pam}/lib/security/pam_apparmor.so order=user,group,default debug"} ''; }; |