nix-community / nix-snapd

Snap package for Nix and NixOS
MIT License

Enable AppArmor in NixOS module #2

Open io12 opened 10 months ago

io12 commented 10 months ago

The current issue is that, for some reason, snap-confine can't read libudev even though the AppArmor profile was patched to have this rule.

/{,usr/,/nix/store/aglgni7yskphxmpdkc8yvah61drjfkqk-systemd-minimal-libs-254.3/}lib{,32,64,x32}/{,@{multiarch}/}libudev.so* mr,

io12 commented 10 months ago

Making a new rule instead of extending the old one with the {a,b} expansion seems to work.
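
Added example, not from the issue or the nix-snapd code: a small Python expander for the `{a,b}` alternation in the rule quoted above, listing the literal path patterns it stands for. `SEPARATE` is an assumed form of a stand-alone rule, since the issue does not show the one that worked; `@{multiarch}` is left unexpanded.

```python
# Path pattern copied from the rule quoted in the issue.
EXTENDED = ("/{,usr/,/nix/store/aglgni7yskphxmpdkc8yvah61drjfkqk-"
            "systemd-minimal-libs-254.3/}lib{,32,64,x32}/"
            "{,@{multiarch}/}libudev.so*")
# Assumed shape of a stand-alone rule; the issue does not show the one used.
SEPARATE = ("/nix/store/aglgni7yskphxmpdkc8yvah61drjfkqk-"
            "systemd-minimal-libs-254.3/lib/libudev.so*")


def split_alternatives(body):
    """Split the inside of a brace group on its top-level commas."""
    parts, depth, current = [], 0, ""
    for ch in body:
        if ch == "," and depth == 0:
            parts.append(current)
            current = ""
            continue
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        current += ch
    return parts + [current]


def expand(pattern):
    """Expand {a,b} alternations left to right; @{var} is kept verbatim."""
    start = pattern.find("{")
    while start > 0 and pattern[start - 1] == "@":
        start = pattern.find("{", start + 1)
    if start == -1:
        return [pattern]
    depth = 0
    for end in range(start, len(pattern)):
        depth += {"{": 1, "}": -1}.get(pattern[end], 0)
        if depth == 0:
            break
    head, body, tail = pattern[:start], pattern[start + 1:end], pattern[end + 1:]
    return [p for alt in split_alternatives(body) for p in expand(head + alt + tail)]


def doubled_slash(patterns):
    """Return the expanded patterns that contain an empty path component."""
    return [p for p in patterns if "//" in p]


if __name__ == "__main__":
    for p in expand(EXTENDED):
        print(p)
```

Every store-path alternative of the extended pattern begins with `//nix/store/`, because the rule's leading `/` precedes the brace group; the stand-alone form has no doubled slash. The issue does not establish whether this is why the read was denied.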