From 51a1475599229bb1d7112182bf03cdf919ce18f3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?No=C3=A9=20Lopez?=
Date: Mon, 8 Dec 2025 16:43:45 +0100
Subject: [PATCH] self: Install AppArmor profile.

* guix/self.scm (apparmor-tunables): New procedure. (miscellaneous-files): Add etc/apparmor.d/{guix,guix-daemon,tunables/guix}.

Change-Id: I8952ef4097924d62432775cc39d38098785fdcdf
Signed-off-by: Rutherther
---
 guix/self.scm | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/guix/self.scm b/guix/self.scm
index 4f6462783bb..9552d3208fe 100644
--- a/guix/self.scm
+++ b/guix/self.scm
@@ -695,6 +695,13 @@ DAEMON and to the current configuration variables."
 "etc/guix-daemon.cil.in"
 "guix-daemon.cil"))
 
+(define (apparmor-tunables source daemon)
+ "Return the AppArmor tunables file used by the guix and guix-daemon AppArmor
+profiles with its variables set."
+ (parameterized-file source daemon
+ "etc/apparmor.d/tunables/guix.in"
+ "apparmor-guix-tunables"))
+
 (define (systemd-file source daemon file)
 "Return the given systemd file from SOURCE parameterized for DAEMON."
 (parameterized-file source daemon
@@ -708,6 +715,12 @@ DAEMON and to the current configuration variables."
 ,(file-append* source "/etc/completion/bash/guix"))
 ("etc/bash_completion.d/guix-daemon"
 ,(file-append* source "/etc/completion/bash/guix-daemon"))
+ ("etc/apparmor.d/guix"
+ ,(file-append* source "/etc/apparmor.d/guix"))
+ ("etc/apparmor.d/guix-daemon"
+ ,(file-append* source "/etc/apparmor.d/guix-daemon"))
+ ("etc/apparmor.d/tunables/guix"
+ ,(apparmor-tunables source daemon))
 ("share/zsh/site-functions/_guix"
 ,(file-append* source "/etc/completion/zsh/_guix"))
 ("share/fish/vendor_completions.d/guix.fish"
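Review bot: The docstring of `apparmor-tunables` names neither SOURCE nor DAEMON, unlike the `systemd-file` docstring right below it, and does not say where the substituted values come from. That matters for a confinement profile: a tunable that disagrees with the directories the daemon really uses would presumably leave the profile either broader than intended or denying the daemon its own store. I would write it as `"Return the AppArmor tunables file from SOURCE with its variables set for DAEMON and the current configuration; the guix and guix-daemon profiles depend on it."` The substitution itself happens in `parameterized-file`, which is outside this hunk, so the set of variables it replaces cannot be checked from here.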
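Review bot: The `etc/apparmor.d/guix` and `etc/apparmor.d/guix-daemon` entries are copied verbatim with `file-append*`, and only `tunables/guix` goes through parameterization. Any path those two profiles spell out directly instead of through a tunable would therefore keep its source-tree value on a build with a non-default store or state directory; the profile files are not part of this diff, so that needs checking there. As far as this patch shows, nothing loads the profiles either, so installing them into the Guix profile gives no confinement until the host's AppArmor is pointed at them. I would put a comment above the three entries, for example `;; AppArmor profiles and the tunables they use: keep the three together. Installing these files does not load them.` The enclosing list starts and ends outside the hunk.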