apparmor: add apparmor_parser config file

If the config does not exist, then apparmor_parser will throw a warning. To avoid that and make the parser configurable, we now add a new option to it. Signed-off-by: Sascha Grunert <sgrunert@suse.com>
NixOS · Aug 22, 2020 · 2259fbd · 2259fbd
1 parent 6a7b110
commit 2259fbd
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/nixos/modules/security/apparmor.nix b/nixos/modules/security/apparmor.nix
@@ -23,11 +23,17 @@ in
          default = [];
          description = "List of packages to be added to apparmor's include path";
        };
+       parserConfig = mkOption {
+         type = types.str;
+         default = "";
+         description = "AppArmor parser configuration file content";
+       };
      };
    };
 
    config = mkIf cfg.enable {
      environment.systemPackages = [ pkgs.apparmor-utils ];
+     environment.etc."apparmor/parser.conf".text = cfg.parserConfig;
 
      boot.kernelParams = [ "apparmor=1" "security=apparmor" ];