Revert "Revert "apparmor: fix and improve the service""

This reverts commit 420f89ceb2.
2020-10-18 15:36:24 +02:00
parent d239bc3643
commit 05d334cfe2
20 changed files with 805 additions and 164 deletions
--- a/nixos/modules/virtualisation/lxc.nix
+++ b/nixos/modules/virtualisation/lxc.nix
@@ -74,9 +74,13 @@ in
    systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];

    security.apparmor.packages = [ pkgs.lxc ];
-    security.apparmor.profiles = [
-      "${pkgs.lxc}/etc/apparmor.d/lxc-containers"
-      "${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start"
-    ];
+    security.apparmor.policies = {
+      "bin.lxc-start".profile = ''
+        include ${pkgs.lxc}/etc/apparmor.d/usr.bin.lxc-start
+      '';
+      "lxc-containers".profile = ''
+        include ${pkgs.lxc}/etc/apparmor.d/lxc-containers
+      '';
+    };
  };
 }