grsecurity module: configure gradm iff RBAC is enabled

Joachim Fasting 2015-04-03 13:02:27 +02:00
parent 8028357084
commit 3e847d512d


@ -313,22 +313,21 @@ in
# }; # };
# }; # };
system.activationScripts.grsec = system.activationScripts = lib.optionalAttrs (!cfg.config.disableRBAC) { grsec = ''
'' mkdir -p /etc/grsec
mkdir -p /etc/grsec if [ ! -f /etc/grsec/learn_config ]; then
if [ ! -f /etc/grsec/learn_config ]; then cp ${pkgs.gradm}/etc/grsec/learn_config /etc/grsec
cp ${pkgs.gradm}/etc/grsec/learn_config /etc/grsec fi
fi if [ ! -f /etc/grsec/policy ]; then
if [ ! -f /etc/grsec/policy ]; then cp ${pkgs.gradm}/etc/grsec/policy /etc/grsec
cp ${pkgs.gradm}/etc/grsec/policy /etc/grsec fi
fi chmod -R 0600 /etc/grsec
chmod -R 0600 /etc/grsec ''; };
'';
# Enable AppArmor, gradm udev rules, and utilities # Enable AppArmor, gradm udev rules, and utilities
security.apparmor.enable = true; security.apparmor.enable = true;
boot.kernelPackages = customGrsecPkg; boot.kernelPackages = customGrsecPkg;
services.udev.packages = [ pkgs.gradm ]; services.udev.packages = lib.optional (!cfg.config.disableRBAC) pkgs.gradm;
environment.systemPackages = [ pkgs.gradm pkgs.paxctl pkgs.pax-utils ]; environment.systemPackages = [ pkgs.paxctl pkgs.pax-utils ] ++ lib.optional (!cfg.config.disableRBAC) pkgs.gradm;
}; };
} }
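Review bot: The `chmod -R 0600 /etc/grsec` carried into the now-conditional activation script also applies 0600 to the directory itself, which strips its search bit. It also re-modes everything under /etc/grsec on each activation, not only the two files seeded here. Setting modes explicitly would be tighter: `install -d -m 0700 /etc/grsec` for the directory and `install -m 0600 ${pkgs.gradm}/etc/grsec/policy /etc/grsec/policy` (likewise for `learn_config`) in place of `cp`. That would also close the short interval in which the fresh copies presumably still carry the store file's world-readable mode before the chmod runs. On style, `system.activationScripts.grsec = lib.mkIf (!cfg.config.disableRBAC) ''…'';` is the more usual module-system form than `lib.optionalAttrs` over the whole option; the enclosing module begins outside this hunk.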