nixos/modules/security/apparmor/profiles.nix at 23.11-pre · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

nixpkgs / nixos / modules / security / apparmor / profiles.nix

at 23.11-pre 479 B view raw

 1{ config, lib, pkgs, ... }:
 2let apparmor = config.security.apparmor; in
 3{
 4config.security.apparmor.packages = [ pkgs.apparmor-profiles ];
 5config.security.apparmor.policies."bin.ping".profile = lib.mkIf apparmor.policies."bin.ping".enable ''
 6  include "${pkgs.iputils.apparmor}/bin.ping"
 7  include "${pkgs.inetutils.apparmor}/bin.ping"
 8  # Note that including those two profiles in the same profile
 9  # would not work if the second one were to re-include <tunables/global>.
10'';
11}