Merge pull request #319286 from JohnRTitor/roddhjav-apparmor-rules

roddhjav-apparmor-rules: init at 0-unstable-2024-06-11

1 files changed, 47 insertions, 0 deletions

diff --git a/pkgs/by-name/ro/roddhjav-apparmor-rules/package.nix b/pkgs/by-name/ro/roddhjav-apparmor-rules/package.nix
new file mode 100644
index 0000000000000..6660a9be48b0a
--- /dev/null
+++ b/pkgs/by-name/ro/roddhjav-apparmor-rules/package.nix
@@ -0,0 +1,47 @@
+{
+  lib,
+  stdenvNoCC,
+  fetchFromGitHub,
+  unstableGitUpdater,
+}:
+
+stdenvNoCC.mkDerivation {
+  pname = "roddhjav-apparmor-rules";
+  version = "0-unstable-2024-06-11";
+
+  src = fetchFromGitHub {
+    owner = "roddhjav";
+    repo = "apparmor.d";
+    rev = "6d549b7c70415e884586c23a8a5d2448d89e543d";
+    hash = "sha256-iHBIBOKOsagDwQRD8SjymEeM3xTQhtTDeL8YvqhHtPQ=";
+  };
+
+  dontConfigure = true;
+  dontBuild = true;
+
+  installPhase = ''
+    runHook preInstall
+    mkdir -p $out/etc/apparmor.d
+    cp -r apparmor.d/* $out/etc/apparmor.d
+    runHook postInstall
+  '';
+
+  passthru.updateScript = unstableGitUpdater { };
+
+  meta = {
+    homepage = "https://github.com/roddhjav/apparmor.d";
+    description = "Over 1500 AppArmor profiles aiming to confine most linux processes";
+    longDescription = ''
+      AppArmor.d is a set of over 1500 AppArmor profiles whose aim is to confine
+      most Linux based applications and processes. Confines all system services, user services
+      and most desktop environments. Currently supported DEs are GNOME, KDE and XFCE (partial).
+      If your DE is not listed in https://github.com/roddhjav/apparmor.d
+      Do not use this, else it may break your system.
+    '';
+    license = lib.licenses.gpl2;
+    platforms = lib.platforms.linux;
+    maintainers = with lib.maintainers; [
+      johnrtitor
+    ];
+  };
+}