{
  lib,
  runCommand,
  util-linux,
  stdenv,
  runtimeShell,
  bashInteractive,

  # apparmor deps
  libapparmor,
  apparmor-parser,
}:

# Builds a directory with two entries:
#   $out/logprof.conf - the NixOS-specific header below, followed by the part
#                       of upstream's utils/logprof.conf that comes after its
#                       `[qualifiers]` line
#   $out/severity.db  - a symlink into the libapparmor source tree, so the
#                       output keeps a reference to ${libapparmor.src}
let
  # NixOS-specific head of logprof.conf.
  #
  # - profiledir points at /var/cache because /etc/apparmor.d/ is read-only
  #   on NixOS; generated profiles therefore land outside the declaratively
  #   managed policy directory.
  # - logfiles = /dev/stdin: no log file is configured, the audit records are
  #   piped in (see the journalctl pipeline in the embedded comment).
  # - parser, ldd and logger are given as absolute store paths, so the
  #   helpers named here do not depend on the caller's PATH.
  # - [qualifiers]: the shells this package set provides are listed by store
  #   path with `icnu`.
  #   NOTE(review): the qualifier letters presumably limit which exec modes
  #   the profiling tool offers for these binaries; confirm against the
  #   upstream logprof.conf documentation.
  header = ''
    [settings]
    # /etc/apparmor.d/ is read-only on NixOS
    profiledir = /var/cache/apparmor/logprof
    inactive_profiledir = /etc/apparmor.d/disable
    # Use: journalctl -b --since today --grep audit: | aa-logprof
    logfiles = /dev/stdin

    parser = ${lib.getExe apparmor-parser}
    ldd = ${lib.getExe' stdenv.cc.libc "ldd"}
    logger = ${util-linux}/bin/logger

    # customize how file ownership permissions are presented
    # 0 - off
    # 1 - default of what ever mode the log reported
    # 2 - force the new permissions to be user
    # 3 - force all perms on the rule to be user
    default_owner_prompt = 1

    [qualifiers]
    ${runtimeShell} = icnu
    ${bashInteractive}/bin/sh = icnu
    ${bashInteractive}/bin/bash = icnu
  '';
in
runCommand "logprof_conf"
  {
    # passAsFile hands the text over as a file; the builder reads its
    # location from $headerPath.
    inherit header;
    passAsFile = [ "header" ];
  }
  # The sed range drops upstream's file from line 1 through its
  # `[qualifiers]` line, so upstream's qualifier entries are appended right
  # after the store-path entries above.
  # NOTE(review): if upstream's file ever has no `[qualifiers]` line, the
  # range runs to end of file and nothing is appended, with no build error.
  ''
    mkdir $out
    cp $headerPath $out/logprof.conf
    ln -s ${libapparmor.src}/utils/severity.db $out/severity.db
    sed '1,/\[qualifiers\]/d' ${libapparmor.src}/utils/logprof.conf >> $out/logprof.conf
  ''