Diffstat (limited to 'nixpkgs/nixos/modules/security/apparmor/profiles.nix')
-rw-r--r-- | nixpkgs/nixos/modules/security/apparmor/profiles.nix | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/nixpkgs/nixos/modules/security/apparmor/profiles.nix b/nixpkgs/nixos/modules/security/apparmor/profiles.nix
new file mode 100644
index 000000000000..8eb630b5a48a
--- /dev/null
+++ b/nixpkgs/nixos/modules/security/apparmor/profiles.nix
@@ -0,0 +1,11 @@
+{ config, lib, pkgs, ... }:
+let apparmor = config.security.apparmor; in
+{
+config.security.apparmor.packages = [ pkgs.apparmor-profiles ];
+config.security.apparmor.policies."bin.ping".profile = lib.mkIf apparmor.policies."bin.ping".enable ''
+ include "${pkgs.iputils.apparmor}/bin.ping"
+ include "${pkgs.inetutils.apparmor}/bin.ping"
+ # Note that including those two profiles in the same profile
+ # would not work if the second one were to re-include <tunables/global>.
+'';
+}
 |
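Review bot: The combined `bin.ping` profile depends on a property of a file this module does not control: by the in-profile comment, it stops working as soon as the second included file re-includes `<tunables/global>`. Nothing in the hunk enforces that, so a later change to either package's `apparmor` output would presumably surface only when the policy is loaded. Since a policy that fails to load may leave `ping` unconfined, I would state the constraint as a Nix-level comment above the assignment, e.g. `# Invariant: the inetutils bin.ping file must not include <tunables/global> again, or this combined profile stops working.`, and cover it with a module test that loads the policy. Separately, `config.security.apparmor.packages` is set unconditionally while the profile text is gated by `lib.mkIf`. If that asymmetry is intended, a one-line comment such as `# profiles package is always offered; individual policies stay opt-in` would make it explicit.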