
dbus: Enable AppArmor mediation support

+20 -5
+6 -2
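--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -5,6 +5,8 @@
 , expat
 , enableSystemd ? stdenv.isLinux && !stdenv.hostPlatform.isMusl
 , systemd
+, audit
+, libapparmor
 , libX11 ? null
 , libICE ? null
 , libSM ? null
@@ -70,7 +72,8 @@
 libX11
 libICE
 libSM
-] ++ lib.optional enableSystemd systemd;
+] ++ lib.optional enableSystemd systemd
+  ++ lib.optionals (!stdenv.isDarwin) [ audit libapparmor ];
 # ToDo: optional selinux?
 
 configureFlags = [
@@ -86,7 +89,8 @@
 "--with-system-socket=/run/dbus/system_bus_socket"
 "--with-systemdsystemunitdir=${placeholder ''out''}/etc/systemd/system"
 "--with-systemduserunitdir=${placeholder ''out''}/etc/systemd/user"
-] ++ lib.optional (!x11Support) "--without-x";
+] ++ lib.optional (!x11Support) "--without-x"
+  ++ lib.optionals (!stdenv.isDarwin) [ "--enable-apparmor" "--enable-libaudit" ];
 
 # Enable X11 autolaunch support in libdbus. This doesn't actually depend on X11
 # (it just execs dbus-launch in dbus.tools), contrary to what the configure script demands.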
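Review bot: The new `lib.optionals (!stdenv.isDarwin) [ audit libapparmor ]` on line 76 and the matching `--enable-apparmor` / `--enable-libaudit` flags on line 93 gate on "not Darwin", but libapparmor, libaudit and the kernel LSM they talk to are Linux-only, so any other non-Darwin target would still try to build dbus against them. `stdenv.isLinux`, which line 6 already uses for `enableSystemd`, is the narrower and more honest condition: `++ lib.optionals stdenv.isLinux [ audit libapparmor ]` and `++ lib.optionals stdenv.isLinux [ "--enable-apparmor" "--enable-libaudit" ]`. Note also that `audit` and `libapparmor` are declared on lines 8–9 without a `? null` default, so callPackage still has to resolve both attributes on every platform that evaluates this file, even where the gate drops them — presumably fine in nixpkgs, but worth a Darwin eval check. The buildInputs list that lines 75–76 close begins outside the hunk.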
+4 -1
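--- a/pkgs/development/libraries/dbus/make-dbus-conf.nix
+++ b/pkgs/development/libraries/dbus/make-dbus-conf.nix
@@ -1,6 +1,7 @@
 { runCommand, writeText, libxslt, dbus
 , serviceDirectories ? []
 , suidHelper ? "/var/setuid-wrappers/dbus-daemon-launch-helper"
+, apparmor ? "disabled" # one of enabled, disabled, required
 }:
 
 /* DBus has two configuration parsers -- normal and "trivial", which is used
@@ -10,7 +11,8 @@
 */
 runCommand "dbus-1"
 {
-inherit serviceDirectories suidHelper;
+inherit serviceDirectories suidHelper apparmor;
 preferLocalBuild = true;
 allowSubstitutes = false;
 XML_CATALOG_FILES = writeText "dbus-catalog.xml" ''
@@ -33,10 +34,12 @@
 xsltproc --nonet \
 --stringparam serviceDirectories "$serviceDirectories" \
 --stringparam suidHelper "$suidHelper" \
+--stringparam apparmor "$apparmor" \
 ${./make-system-conf.xsl} ${dbus}/share/dbus-1/system.conf \
 > $out/system.conf
 xsltproc --nonet \
 --stringparam serviceDirectories "$serviceDirectories" \
+--stringparam apparmor "$apparmor" \
 ${./make-session-conf.xsl} ${dbus}/share/dbus-1/session.conf \
 > $out/session.conf
 ''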
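Review bot: `apparmor` on line 4 is documented as one of enabled/disabled/required, but nothing enforces that before lines 37 and 42 hand the raw string to xsltproc, which splices it verbatim into the generated system.conf and session.conf as the `mode` attribute; a misspelling is only discovered when dbus-daemon parses the file at boot, and whether it then refuses to start or falls back to no mediation is not something this file can guarantee. An evaluation-time check keeps the accepted values explicit and fails at build time instead: `assert builtins.elem apparmor [ "enabled" "disabled" "required" ];` placed directly before `runCommand "dbus-1"`. The comment on line 4 would also be more useful if it said what the modes mean for the bus — in particular that `required`, as I recall from dbus-daemon(1), makes the daemon refuse to start when AppArmor mediation is unavailable, which is the mode a hardened system wants but also the one that turns a missing kernel LSM into a boot failure.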
+4
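--- a/pkgs/development/libraries/dbus/make-session-conf.xsl
+++ b/pkgs/development/libraries/dbus/make-session-conf.xsl
@@ -15,11 +15,15 @@
 <xsl:output method='xml' encoding="UTF-8" doctype-system="busconfig.dtd" />
 
 <xsl:param name="serviceDirectories" />
+<xsl:param name="apparmor" />
 
 <xsl:template match="/busconfig">
 <busconfig>
 <!-- We leave <standard_session_servicedirs/> because it includes XDG dirs and therefore user Nix profile. -->
 <xsl:copy-of select="child::node()[name() != 'include' and name() != 'servicedir' and name() != 'includedir']" />
+
+<!-- configure AppArmor -->
+<apparmor mode="{$apparmor}"/>
 
 <xsl:for-each select="str:tokenize($serviceDirectories)">
 <servicedir><xsl:value-of select="." />/share/dbus-1/services</servicedir>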
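Review bot: The `<apparmor mode="{$apparmor}"/>` added on line 26 is emitted unconditionally right after the `xsl:copy-of` on line 23, whose predicate filters out include/servicedir/includedir but not `apparmor`; if upstream's session.conf ever carries its own `<apparmor>` element, both would survive and the daemon would see two mode declarations, with the generated one no longer guaranteed to win. Adding `and name() != 'apparmor'` to the `select` predicate makes the generated element the single source of truth. The same applies to the identical hunk in make-system-conf.xsl. Separately, when the stylesheet is run without the parameter, `{$apparmor}` expands to an empty `mode=""`; giving the parameter a default, `<xsl:param name="apparmor" select="'disabled'" />`, means the stylesheet on its own still produces a valid configuration.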
+4
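--- a/pkgs/development/libraries/dbus/make-system-conf.xsl
+++ b/pkgs/development/libraries/dbus/make-system-conf.xsl
@@ -16,10 +16,14 @@
 
 <xsl:param name="serviceDirectories" />
 <xsl:param name="suidHelper" />
+<xsl:param name="apparmor" />
 
 <xsl:template match="/busconfig">
 <busconfig>
 <xsl:copy-of select="child::node()[name() != 'include' and name() != 'standard_system_servicedirs' and name() != 'servicehelper' and name() != 'servicedir' and name() != 'includedir']" />
+
+<!-- configure AppArmor -->
+<apparmor mode="{$apparmor}"/>
 
 <!-- set suid helper -->
 <servicehelper><xsl:value-of select="$suidHelper" /></servicehelper>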
+2 -2
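--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -12471,9 +12471,9 @@
 dbus-sharp-glib-1_0 = callPackage ../development/libraries/dbus-sharp-glib/dbus-sharp-glib-1.0.nix { };
 dbus-sharp-glib-2_0 = callPackage ../development/libraries/dbus-sharp-glib { };
 
-makeDBusConf = { suidHelper, serviceDirectories }:
+makeDBusConf = { suidHelper, serviceDirectories, apparmor }:
 callPackage ../development/libraries/dbus/make-dbus-conf.nix {
-inherit suidHelper serviceDirectories;
+inherit suidHelper serviceDirectories apparmor;
 };
 
 dee = callPackage ../development/libraries/dee { };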
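Review bot: `makeDBusConf` on line 12474 now takes `apparmor` as a required attribute, while make-dbus-conf.nix in the same commit defaults it to "disabled"; any existing caller of `makeDBusConf` that does not pass it (presumably the NixOS dbus module, which I cannot see here) stops evaluating with a missing-argument error instead of keeping today's behaviour. Mirroring the default in the wrapper, `makeDBusConf = { suidHelper, serviceDirectories, apparmor ? "disabled" }:`, keeps it backward compatible; alternatively drop the default in make-dbus-conf.nix so exactly one place decides it, but not both.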