cynicsketch / nix-mineral

Conveniently and reasonably harden NixOS.
MIT License
162 stars 8 forks

Use apparmor.d #8

Open cynicsketch opened 3 months ago

cynicsketch commented 3 months ago

https://github.com/roddhjav/apparmor.d Massive repository of AppArmor profiles. This should be used by nix-mineral, as a strong MAC policy is the cornerstone of a good security model. It'd be more appropriate to try to get this packaged with upstream in nixpkgs, though.

cynicsketch commented 3 months ago

https://github.com/NixOS/nixpkgs/issues/331645 Packaging request made.

cynicsketch commented 3 months ago

It's already packaged: https://search.nixos.org/packages?channel=unstable&show=roddhjav-apparmor-rules&from=0&size=50&sort=relevance&type=packages&query=apparmor-rules

We're going to make this an optional feature under the Security overrides, since the upstream maintainers explicitly say that it's in testing and warn against potential breakage.

cynicsketch commented 3 months ago

https://github.com/NixOS/nixpkgs/issues/331645#issuecomment-2265546797

This is also currently a problem. Someone needs to set the package up to rip obsolete paths out and replace them with paths to the nix store where applicable, but this is going to take some time and expertise that I don't currently have.

wyyllou commented 3 months ago

> NixOS/nixpkgs#331645 (comment)
>
> This is also currently a problem. Someone needs to set the package up to rip obsolete paths out and replace them with paths to the nix store where applicable, but this is going to take some time and expertise that I don't currently have.

This can likely be done using the patches option of mkDerivation for the package, which creates a patchPhase in the nix build.

```nix
pkgs.stdenv.mkDerivation {
  # ...
  patches = [ ./path/to/patch ];
}
```

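As an added illustration of the approach wyyllou describes (this is example code written for this page, not code from nix-mineral, nixpkgs or the apparmor.d project), the following NixOS module rewrites one FHS path inside a profile of the packaged `roddhjav-apparmor-rules` to the corresponding nix store path before the rules are installed, then enables AppArmor with the patched package. It uses `postPatch` with `substituteInPlace` rather than a `.patch` file so the replacement can interpolate the store path, which is not known ahead of time. Assumptions: the package is built with `stdenv.mkDerivation` (so `overrideAttrs` and the standard phases apply), and the profile file name `apparmor.d/profiles-a-f/curl` is a placeholder that must be replaced with a real path from the package source before this builds.

```nix
# Added example, not part of the issue thread or of any project it mentions.
# Replaces a hard-coded FHS binary path in one AppArmor profile with the
# nix store path of the same binary, then ships the patched rule set.
{ pkgs, lib, ... }:

let
  patchedApparmorRules = pkgs.roddhjav-apparmor-rules.overrideAttrs (old: {
    # Assumption: roddhjav-apparmor-rules is an mkDerivation package, so the
    # standard patch phase runs and postPatch hooks are honoured.
    postPatch = (old.postPatch or "") + ''
      # Placeholder file name: point this at the real profile inside the
      # unpacked source. substituteInPlace fails the build if the file is
      # missing, which is the desired behaviour for a hardening package.
      substituteInPlace apparmor.d/profiles-a-f/curl \
        --replace "/usr/bin/curl" "${lib.getExe pkgs.curl}"
    '';
  });
in
{
  # Enforce the MAC policy with the rewritten profiles. Keep this optional
  # (as the thread proposes) because upstream marks the rules as testing.
  security.apparmor.enable = true;
  security.apparmor.packages = [ patchedApparmorRules ];
}
```

After a rebuild, `aa-status` (from the apparmor userspace tools) lists which profiles loaded and in which mode; a profile whose binary path still points at a non-existent FHS location will simply never attach to the process, which is the silent failure the path rewriting is meant to prevent.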
cynicsketch commented 2 weeks ago

https://github.com/NixOS/nixpkgs/issues/331645#issuecomment-2417178065

Looks like someone is working on it.