diff options
| author | Michael Raskin <7c6f434c@mail.ru> | 2020-09-27 13:07:38 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-09-27 13:07:38 +0000 |
| commit | 31a4e2e28bf29fc5ab1f70d28b5dbc2205a638a0 (patch) | |
| tree | 5fd228150808cdc3915afe3a58690c0425f8000a /nixos/modules/config | |
| parent | 862e6fe2c6b3f4f8aff53a9606eaafaaf3490d3d (diff) | |
| parent | fb6d63f3fdd95a5468d43a0693c8ca7c1894363f (diff) | |
Merge pull request #93457 from ju1m/apparmor
apparmor: fix and improve the service
Diffstat (limited to 'nixos/modules/config')
| -rw-r--r-- | nixos/modules/config/fonts/fontconfig.nix | 34 | ||||
| -rw-r--r-- | nixos/modules/config/malloc.nix | 7 |
2 files changed, 41 insertions, 0 deletions
diff --git a/nixos/modules/config/fonts/fontconfig.nix b/nixos/modules/config/fonts/fontconfig.nix index 5b681ca59464d..97607134bb1d9 100644 --- a/nixos/modules/config/fonts/fontconfig.nix +++ b/nixos/modules/config/fonts/fontconfig.nix @@ -448,6 +448,40 @@ in (mkIf cfg.enable { environment.systemPackages = [ pkgs.fontconfig ]; environment.etc.fonts.source = "${fontconfigEtc}/etc/fonts/"; + security.apparmor.includes."abstractions/fonts" = '' + # fonts.conf + r ${pkg.out}/etc/fonts/fonts.conf, + + # fontconfig default config files + r ${pkg.out}/etc/fonts/conf.d/*.conf, + + # 00-nixos-cache.conf + r ${cacheConf}, + + # 10-nixos-rendering.conf + r ${renderConf}, + + # 50-user.conf + ${optionalString cfg.includeUserConf '' + r ${pkg.out}/etc/fonts/conf.d.bak/50-user.conf, + ''} + + # local.conf (indirect priority 51) + ${optionalString (cfg.localConf != "") '' + r ${localConf}, + ''} + + # 52-nixos-default-fonts.conf + r ${defaultFontsConf}, + + # 53-no-bitmaps.conf + r ${rejectBitmaps}, + + ${optionalString (!cfg.allowType1) '' + # 53-nixos-reject-type1.conf + r ${rejectType1}, + ''} + ''; }) (mkIf cfg.enable { fonts.fontconfig.confPackages = [ confPkg ]; diff --git a/nixos/modules/config/malloc.nix b/nixos/modules/config/malloc.nix index 31a659ee83fe9..5c5752ef5153b 100644 --- a/nixos/modules/config/malloc.nix +++ b/nixos/modules/config/malloc.nix @@ -87,5 +87,12 @@ in environment.etc."ld-nix.so.preload".text = '' ${providerLibPath} ''; + security.apparmor.includes = { + "abstractions/base" = '' + r /etc/ld-nix.so.preload, + r ${config.environment.etc."ld-nix.so.preload".source}, + mr ${providerLibPath}, + ''; + }; }; } |