about summary refs log tree commit diff
path: root/pkgs/os-specific/linux/iputils/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'pkgs/os-specific/linux/iputils/default.nix')
-rw-r--r--pkgs/os-specific/linux/iputils/default.nix22
1 files changed, 22 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/iputils/default.nix b/pkgs/os-specific/linux/iputils/default.nix
index 56942d6d4201d..122a9ca1b7b99 100644
--- a/pkgs/os-specific/linux/iputils/default.nix
+++ b/pkgs/os-specific/linux/iputils/default.nix
@@ -1,6 +1,7 @@
 { lib, stdenv, fetchFromGitHub
 , meson, ninja, pkg-config, gettext, libxslt, docbook_xsl_ns
 , libcap, libidn2
+, apparmorRulesFromClosure
 }:
 
 let
@@ -20,6 +21,8 @@ in stdenv.mkDerivation rec {
     sha256 = "08j2hfgnfh31vv9rn1ml7090j2lsvm9wdpdz13rz60rmyzrx9dq3";
   };
 
+  outputs = ["out" "apparmor"];
+
   mesonFlags = [
     "-DBUILD_RARPD=true"
     "-DBUILD_TRACEROUTE6=true"
@@ -34,6 +37,25 @@ in stdenv.mkDerivation rec {
   nativeBuildInputs = [ meson ninja pkg-config gettext libxslt.bin docbook_xsl_ns ];
   buildInputs = [ libcap ]
     ++ lib.optional (!stdenv.hostPlatform.isMusl) libidn2;
+  postInstall = ''
+    install -D -m 644 /dev/stdin $apparmor/bin.ping <<EOF
+    include <tunables/global>
+    $out/bin/ping {
+      include <abstractions/base>
+      include <abstractions/consoles>
+      include <abstractions/nameservice>
+      include "${apparmorRulesFromClosure { name = "ping"; }
+       ([libcap] ++ lib.optional (!stdenv.hostPlatform.isMusl) libidn2)}"
+      include <local/bin.ping>
+      capability net_raw,
+      network inet raw,
+      network inet6 raw,
+      mr $out/bin/ping,
+      r $out/share/locale/**,
+      r @{PROC}/@{pid}/environ,
+    }
+    EOF
+  '';
 
   meta = with lib; {
     description = "A set of small useful utilities for Linux networking";
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-19 05:27:13 +0000