diff options
| author | Frederik Rietdijk <fridh@fridh.nl> | 2020-11-18 16:01:05 +0100 |
|---|---|---|
| committer | Frederik Rietdijk <fridh@fridh.nl> | 2020-11-18 16:01:05 +0100 |
| commit | 77ff58e55efc13ac2f9722220ba316838ea7640c (patch) | |
| tree | e6b70c3b6cb4dc3b5d811edbebb6fc8fc095dd5e /nixos | |
| parent | 6a78f9866f1ef2c63471ecd42a2e4c51c5bf20ef (diff) | |
| parent | d9b359d8fe9fb8a83dc95d413d6552fc72b550c6 (diff) | |
Merge staging into staging-next
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/services/system/dbus.nix | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix index f8d909a4a3cc..d4cacb85694b 100644 --- a/nixos/modules/services/system/dbus.nix +++ b/nixos/modules/services/system/dbus.nix @@ -11,6 +11,7 @@ let homeDir = "/run/dbus"; configDir = pkgs.makeDBusConf { + inherit (cfg) apparmor; suidHelper = "${config.security.wrapperDir}/dbus-daemon-launch-helper"; serviceDirectories = cfg.packages; }; @@ -51,6 +52,20 @@ in ''; }; + apparmor = mkOption { + type = types.enum [ "enabled" "disabled" "required" ]; + description = '' + AppArmor mode for dbus. + + <literal>enabled</literal> enables mediation when it's + supported in the kernel, <literal>disabled</literal> + always disables AppArmor even with kernel support, and + <literal>required</literal> fails when AppArmor was not found + in the kernel. + ''; + default = "disabled"; + }; + socketActivated = mkOption { type = types.nullOr types.bool; default = null; |