lol

dbus: Enable AppArmor mediation support

+20 -5
+6 -2
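--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -5,6 +5,8 @@
  , expat
  , enableSystemd ? stdenv.isLinux && !stdenv.hostPlatform.isMusl
  , systemd
+ , audit
+ , libapparmor
  , libX11 ? null
  , libICE ? null
  , libSM ? null
@@ -70,7 +72,8 @@
  libX11
  libICE
  libSM
- ] ++ lib.optional enableSystemd systemd;
+ ] ++ lib.optional enableSystemd systemd
+ ++ lib.optionals (!stdenv.isDarwin) [ audit libapparmor ];
  # ToDo: optional selinux?
 
  configureFlags = [
@@ -86,7 +89,8 @@
  "--with-system-socket=/run/dbus/system_bus_socket"
  "--with-systemdsystemunitdir=${placeholder ''out''}/etc/systemd/system"
  "--with-systemduserunitdir=${placeholder ''out''}/etc/systemd/user"
- ] ++ lib.optional (!x11Support) "--without-x";
+ ] ++ lib.optional (!x11Support) "--without-x"
+ ++ lib.optionals (!stdenv.isDarwin) [ "--enable-apparmor" "--enable-libaudit" ];
 
  # Enable X11 autolaunch support in libdbus. This doesn't actually depend on X11
  # (it just execs dbus-launch in dbus.tools), contrary to what the configure script demands.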
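Review bot: The two new `lib.optionals (!stdenv.isDarwin)` guards treat every non-Darwin platform as able to build against `audit` and `libapparmor`, but both are Linux kernel facilities, so `stdenv.isLinux` would be the safer condition. The same condition is written once for the input list and once for `configureFlags`, so the two can drift apart; a single argument in the style of the existing `enableSystemd`, for example `, enableAppArmor ? stdenv.isLinux`, used in both places would keep them in step and give an opt-out. Passing `--enable-apparmor` explicitly is worth keeping, since configure should then fail rather than quietly produce a daemon without mediation. Both lists start outside the hunks shown.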
+4 -1
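--- a/pkgs/development/libraries/dbus/make-dbus-conf.nix
+++ b/pkgs/development/libraries/dbus/make-dbus-conf.nix
@@ -1,6 +1,7 @@
  { runCommand, writeText, libxslt, dbus
  , serviceDirectories ? []
  , suidHelper ? "/var/setuid-wrappers/dbus-daemon-launch-helper"
+ , apparmor ? "disabled" # one of enabled, disabled, required
  }:
 
  /* DBus has two configuration parsers -- normal and "trivial", which is used
@@ -10,7 +11,7 @@
  */
  runCommand "dbus-1"
  {
- inherit serviceDirectories suidHelper;
+ inherit serviceDirectories suidHelper apparmor;
  preferLocalBuild = true;
  allowSubstitutes = false;
  XML_CATALOG_FILES = writeText "dbus-catalog.xml" ''
@@ -33,10 +34,12 @@
  xsltproc --nonet \
  --stringparam serviceDirectories "$serviceDirectories" \
  --stringparam suidHelper "$suidHelper" \
+ --stringparam apparmor "$apparmor" \
  ${./make-system-conf.xsl} ${dbus}/share/dbus-1/system.conf \
  > $out/system.conf
  xsltproc --nonet \
  --stringparam serviceDirectories "$serviceDirectories" \
+ --stringparam apparmor "$apparmor" \
  ${./make-session-conf.xsl} ${dbus}/share/dbus-1/session.conf \
  > $out/session.conf
  ''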
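Review bot: The new `apparmor` argument is documented as one of enabled, disabled or required, but nothing checks it, so a typo is only noticed when dbus-daemon parses the generated `<apparmor mode=…/>` element. An evaluation-time guard placed before `runCommand`, such as `assert builtins.elem apparmor [ "enabled" "disabled" "required" ];`, would reject a bad value at build time. The argument comment should also spell out the difference that matters for hardening: with `enabled` the bus mediates only when the kernel offers AppArmor and otherwise runs unmediated, while `required` makes the daemon refuse to start without it. The default of `"disabled"` leaves mediation off even though the library is now built with support, which deserves a mention next to the argument.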
+4
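--- a/pkgs/development/libraries/dbus/make-session-conf.xsl
+++ b/pkgs/development/libraries/dbus/make-session-conf.xsl
@@ -15,11 +15,15 @@
  <xsl:output method='xml' encoding="UTF-8" doctype-system="busconfig.dtd" />
 
  <xsl:param name="serviceDirectories" />
+ <xsl:param name="apparmor" />
 
  <xsl:template match="/busconfig">
  <busconfig>
  <!-- We leave <standard_session_servicedirs/> because it includes XDG dirs and therefore user Nix profile. -->
  <xsl:copy-of select="child::node()[name() != 'include' and name() != 'servicedir' and name() != 'includedir']" />
+
+ <!-- configure AppArmor -->
+ <apparmor mode="{$apparmor}"/>
 
  <xsl:for-each select="str:tokenize($serviceDirectories)">
  <servicedir><xsl:value-of select="." />/share/dbus-1/services</servicedir>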
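Review bot: The `copy-of` just above the new `<apparmor mode="{$apparmor}"/>` element does not filter out an existing `apparmor` node, so if the upstream session.conf ever ships one the output would carry two, and which mode wins would depend on the daemon's parser. The same applies to system.conf, which gets the identical change in make-system-conf.xsl. Adding `and name() != 'apparmor'` to the `select` predicate in both stylesheets makes the generated element the only one. `<xsl:param name="apparmor" />` also has no default, so running the stylesheet without `--stringparam apparmor` would emit `mode=""`; `<xsl:param name="apparmor" select="'disabled'" />` would match the Nix-side default.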
+4
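--- a/pkgs/development/libraries/dbus/make-system-conf.xsl
+++ b/pkgs/development/libraries/dbus/make-system-conf.xsl
@@ -16,10 +16,14 @@
 
  <xsl:param name="serviceDirectories" />
  <xsl:param name="suidHelper" />
+ <xsl:param name="apparmor" />
 
  <xsl:template match="/busconfig">
  <busconfig>
  <xsl:copy-of select="child::node()[name() != 'include' and name() != 'standard_system_servicedirs' and name() != 'servicehelper' and name() != 'servicedir' and name() != 'includedir']" />
+
+ <!-- configure AppArmor -->
+ <apparmor mode="{$apparmor}"/>
 
  <!-- set suid helper -->
  <servicehelper><xsl:value-of select="$suidHelper" /></servicehelper>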
+2 -2
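--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12471,9 +12471,9 @@
  dbus-sharp-glib-1_0 = callPackage ../development/libraries/dbus-sharp-glib/dbus-sharp-glib-1.0.nix { };
  dbus-sharp-glib-2_0 = callPackage ../development/libraries/dbus-sharp-glib { };
 
- makeDBusConf = { suidHelper, serviceDirectories }:
+ makeDBusConf = { suidHelper, serviceDirectories, apparmor }:
  callPackage ../development/libraries/dbus/make-dbus-conf.nix {
- inherit suidHelper serviceDirectories;
+ inherit suidHelper serviceDirectories apparmor;
  };
 
  dee = callPackage ../development/libraries/dee { };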
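Review bot: `makeDBusConf` now requires `apparmor`, because the pattern `{ suidHelper, serviceDirectories, apparmor }` gives it no default, so any caller that still passes only the first two arguments fails to evaluate. No caller is updated in the files shown here, and make-dbus-conf.nix already defaults the value to `"disabled"`. The wrapper can stay backward compatible with `makeDBusConf = { suidHelper, serviceDirectories, apparmor ? "disabled" }:`.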