Merge pull request #155704 from reedriley/firejail

firejail: minor improvements and apparmor support

authored by 7c6f434c and committed by GitHub ddf6a38b a97ae545

+23 -8
+23 -8
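--- a/pkgs/os-specific/linux/firejail/default.nix
+++ b/pkgs/os-specific/linux/firejail/default.nix
@@ -1,4 +1,13 @@
-{ lib, stdenv, fetchFromGitHub, fetchpatch, which, xdg-dbus-proxy, nixosTests }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
+, pkg-config
+, libapparmor
+, which
+, xdg-dbus-proxy
+, nixosTests
+}:
 
 stdenv.mkDerivation rec {
 pname = "firejail";
@@ -11,7 +20,18 @@
 sha256 = "sha256-oKstTiGt0r4wePaZ9u1o78GZ1XWJ27aS0BdLxmfYk9Q=";
 };
 
-buildInputs = [ which ];
+nativeBuildInputs = [
+pkg-config
+];
+
+buildInputs = [
+libapparmor
+which
+];
+
+configureFlags = [
+"--enable-apparmor"
+];
 
 patches = [
 # Adds the /nix directory when using an overlay.
@@ -26,11 +46,6 @@
 ];
 
 prePatch = ''
-# Allow whitelisting ~/.nix-profile
-substituteInPlace etc/firejail.config --replace \
-'# follow-symlink-as-user yes' \
-'follow-symlink-as-user no'
-
 # Fix the path to 'xdg-dbus-proxy' hardcoded in the 'common.h' file
 substituteInPlace src/include/common.h \
 --replace '/usr/bin/xdg-dbus-proxy' '${xdg-dbus-proxy}/bin/xdg-dbus-proxy'
@@ -62,7 +77,7 @@
 # See https://github.com/netblue30/firejail/blob/e4cb6b42743ad18bd11d07fd32b51e8576239318/src/firejail/profile.c#L68-L83
 # for the profile file lookup implementation.
 postInstall = ''
-for local in $(grep -Eh '^include.*local$' $out/etc/firejail/*.profile | awk '{print $2}' | sort | uniq)
+for local in $(grep -Eh '^include.*local$' $out/etc/firejail/*{.inc,.profile} | awk '{print $2}' | sort | uniq)
 do
 echo "include /etc/firejail/$local" >$out/etc/firejail/$local
 done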
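Review bot: The prePatch hunk drops the `follow-symlink-as-user no` override without recording how whitelisting `~/.nix-profile` is expected to work afterwards, and the commit title ("minor improvements and apparmor support") does not mention this sandbox-policy change. With the substitution gone, firejail.config stays at the upstream default, which as far as I know follows a whitelisted symlink out of the home directory only when both link and target are owned by the user; that is the stricter setting, but profiles that whitelist `~/.nix-profile` may now behave differently. I would note the decision next to the remaining substitution, e.g. `# follow-symlink-as-user stays at the upstream default; ~/.nix-profile whitelisting relies on <mechanism, to be filled in>`, and exercise it in the nixosTests case if one covers whitelisting. The patches list is only partly visible in this section, so an existing patch may already handle it.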