nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-24 07:53:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

grsecurity module: configure gradm iff RBAC is enabled

Browse Source
This commit is contained in:
Joachim Fasting 2015-04-03 13:02:27 +02:00
parent 8028357084
commit 3e847d512d
1 changed files with 12 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
nixos/modules/security/grsecurity.nix
View File

@ -313,22 +313,21 @@ in
# };
# };
system.activationScripts.grsec =
''
mkdir -p /etc/grsec
if [ ! -f /etc/grsec/learn_config ]; then
cp ${pkgs.gradm}/etc/grsec/learn_config /etc/grsec
fi
if [ ! -f /etc/grsec/policy ]; then
cp ${pkgs.gradm}/etc/grsec/policy /etc/grsec
fi
chmod -R 0600 /etc/grsec
'';
system.activationScripts = lib.optionalAttrs (!cfg.config.disableRBAC) { grsec = ''
mkdir -p /etc/grsec
if [ ! -f /etc/grsec/learn_config ]; then
cp ${pkgs.gradm}/etc/grsec/learn_config /etc/grsec
fi
if [ ! -f /etc/grsec/policy ]; then
cp ${pkgs.gradm}/etc/grsec/policy /etc/grsec
fi
chmod -R 0600 /etc/grsec
''; };
# Enable AppArmor, gradm udev rules, and utilities
security.apparmor.enable = true;
boot.kernelPackages = customGrsecPkg;
services.udev.packages = [ pkgs.gradm ];
environment.systemPackages = [ pkgs.gradm pkgs.paxctl pkgs.pax-utils ];
services.udev.packages = lib.optional (!cfg.config.disableRBAC) pkgs.gradm;
environment.systemPackages = [ pkgs.paxctl pkgs.pax-utils ] ++ lib.optional (!cfg.config.disableRBAC) pkgs.gradm;
};
}