Merge pull request #61306 from joachifm/feat/fix-apparmor-boot-linux_5_1
Fix apparmor boot on linux 5.1
This commit is contained in:
commit
428ddf0619
@ -29,6 +29,8 @@ in
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = [ pkgs.apparmor-utils ];
|
||||
|
||||
boot.kernelParams = [ "apparmor=1" "security=apparmor" ];
|
||||
|
||||
systemd.services.apparmor = let
|
||||
paths = concatMapStrings (s: " -I ${s}/etc/apparmor.d")
|
||||
([ pkgs.apparmor-profiles ] ++ cfg.packages);
|
||||
|
@ -30,6 +30,16 @@ import ./make-test.nix ({ pkgs, ...} : {
|
||||
''
|
||||
$machine->waitForUnit("multi-user.target");
|
||||
|
||||
subtest "apparmor-loaded", sub {
|
||||
$machine->succeed("systemctl status apparmor.service");
|
||||
};
|
||||
|
||||
# AppArmor securityfs
|
||||
subtest "apparmor-securityfs", sub {
|
||||
$machine->succeed("mountpoint -q /sys/kernel/security");
|
||||
$machine->succeed("cat /sys/kernel/security/apparmor/profiles");
|
||||
};
|
||||
|
||||
# Test loading out-of-tree modules
|
||||
subtest "extra-module-packages", sub {
|
||||
$machine->succeed("grep -Fq wireguard /proc/modules");
|
||||
|
Loading…
Reference in New Issue
Block a user