Merge pull request #104174 from NixOS/staging-next

Staging next
author: Frederik Rietdijk <freddyrietdijk@fridh.nl> 2020-11-21 08:44:02 +0100
committer: GitHub <noreply@github.com> 2020-11-21 08:44:02 +0100
commit: 4dc0a9a0a7f17a08e8a45195a02ebe24b0d91161 (patch)
tree: 60b348740eec1eac0730c50016372762141836d9 /nixos
parent: 65c4e2500f25076a2db330b8953410faab817420 (diff)
parent: 1ffd7cf0d6cb509565deb21a6e57a17575834b76 (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix
index f8d909a4a3cc..d4cacb85694b 100644
--- a/nixos/modules/services/system/dbus.nix
+++ b/nixos/modules/services/system/dbus.nix
@@ -11,6 +11,7 @@ let
   homeDir = "/run/dbus";
 
   configDir = pkgs.makeDBusConf {
+    inherit (cfg) apparmor;
     suidHelper = "${config.security.wrapperDir}/dbus-daemon-launch-helper";
     serviceDirectories = cfg.packages;
   };
@@ -51,6 +52,20 @@ in
         '';
       };
 
+      apparmor = mkOption {
+        type = types.enum [ "enabled" "disabled" "required" ];
+        description = ''
+          AppArmor mode for dbus.
+
+          <literal>enabled</literal> enables mediation when it's
+          supported in the kernel, <literal>disabled</literal>
+          always disables AppArmor even with kernel support, and
+          <literal>required</literal> fails when AppArmor was not found
+          in the kernel.
+        '';
+        default = "disabled";
+      };
+
       socketActivated = mkOption {
         type = types.nullOr types.bool;
         default = null;
author	Frederik Rietdijk <freddyrietdijk@fridh.nl>	2020-11-21 08:44:02 +0100
committer	GitHub <noreply@github.com>	2020-11-21 08:44:02 +0100
commit	4dc0a9a0a7f17a08e8a45195a02ebe24b0d91161 (patch)
tree	60b348740eec1eac0730c50016372762141836d9 /nixos
parent	65c4e2500f25076a2db330b8953410faab817420 (diff)
parent	1ffd7cf0d6cb509565deb21a6e57a17575834b76 (diff)