grsecurity module: configure gradm iff RBAC is enabled

Joachim Fasting 2015-04-03 13:02:27 +02:00
parent 8028357084
commit 3e847d512d


@ -313,8 +313,7 @@ in
# }; # };
# }; # };
system.activationScripts.grsec = system.activationScripts = lib.optionalAttrs (!cfg.config.disableRBAC) { grsec = ''
''
mkdir -p /etc/grsec mkdir -p /etc/grsec
if [ ! -f /etc/grsec/learn_config ]; then if [ ! -f /etc/grsec/learn_config ]; then
cp ${pkgs.gradm}/etc/grsec/learn_config /etc/grsec cp ${pkgs.gradm}/etc/grsec/learn_config /etc/grsec
@ -323,12 +322,12 @@ in
cp ${pkgs.gradm}/etc/grsec/policy /etc/grsec cp ${pkgs.gradm}/etc/grsec/policy /etc/grsec
fi fi
chmod -R 0600 /etc/grsec chmod -R 0600 /etc/grsec
''; ''; };
# Enable AppArmor, gradm udev rules, and utilities # Enable AppArmor, gradm udev rules, and utilities
security.apparmor.enable = true; security.apparmor.enable = true;
boot.kernelPackages = customGrsecPkg; boot.kernelPackages = customGrsecPkg;
services.udev.packages = [ pkgs.gradm ]; services.udev.packages = lib.optional (!cfg.config.disableRBAC) pkgs.gradm;
environment.systemPackages = [ pkgs.gradm pkgs.paxctl pkgs.pax-utils ]; environment.systemPackages = [ pkgs.paxctl pkgs.pax-utils ] ++ lib.optional (!cfg.config.disableRBAC) pkgs.gradm;
}; };
} }
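Review bot: The `chmod -R 0600 /etc/grsec` kept inside the now-conditional `grsec` activation script also sets the directory itself to 0600, which drops its search bit; access to the policy files then presumably works only because root bypasses directory permission checks. `chmod -R u=rwX,go= /etc/grsec` would keep the files at 0600 and give the directory 0700, the usual layout for a root-only policy store. The comment `# Enable AppArmor, gradm udev rules, and utilities` is also stale after this change, since gradm and its udev rules are now added only when `cfg.config.disableRBAC` is false; something like `# Enable AppArmor and PaX utilities; gradm and its udev rules only with RBAC` would match the new behaviour. The enclosing attribute set begins outside the visible hunks.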