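{ config, lib, ... }:
# Selects which Linux Security Modules (LSMs) the kernel initializes, and in
# which order, by emitting the `lsm=` kernel parameter.
let
  cfg = config.security;

  # All entries of the merged boot.kernelParams that start with `prefix`.
  # Used to detect LSM-related parameters defined elsewhere (another module
  # or a direct boot.kernelParams definition) that would conflict with the
  # parameter this module emits.
  paramsWithPrefix = prefix: lib.filter (lib.hasPrefix prefix) config.boot.kernelParams;
in
{
  options = {
    security.lsm = lib.mkOption {
      # `uniq` forbids defining this list from more than one module, so the
      # initialization order is exactly what the single definition states
      # rather than the result of list merging across modules.
      type = lib.types.uniq (lib.types.listOf lib.types.str);
      default = [ ];
      description = ''
        A list of the LSMs to initialize, in order. When non-empty this sets
        the `lsm=` kernel parameter to the comma-separated list, which makes
        the order explicit instead of relying on the kernel's built-in default
        order. The legacy `security=` kernel parameter must not be set at the
        same time, and no other `lsm=` entry may be added to boot.kernelParams.
      '';
    };
  };

  config = lib.mkIf (cfg.lsm != [ ]) {
    assertions = [
      {
        # The kernel treats `lsm=` as superseding the legacy `security=`
        # parameter, so a `security=` value would be silently ignored rather
        # than applied; reject the combination instead of letting it look as
        # if it took effect.
        assertion = paramsWithPrefix "security=" == [ ];
        message = "security parameter in boot.kernelParams cannot be used when security.lsm is used";
      }
      {
        # This module contributes exactly one `lsm=` entry. Any additional one
        # makes the effective LSM order depend on which of the duplicate
        # entries the kernel honours, which is not visible from the config.
        assertion = builtins.length (paramsWithPrefix "lsm=") == 1;
        message = "boot.kernelParams must not contain an lsm= parameter when security.lsm is used";
      }
    ];

    boot.kernelParams = [
      "lsm=${lib.concatStringsSep "," cfg.lsm}"
    ];
  };
}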