apparmorRulesFromClosure

pkgs.apparmorRulesFromClosure

Functor

Docs pulled from | This Revision | 31 minutes ago

Applied 1 times

Contribute

Enhance the ecosystem with your expertise! Contribute to fill the gaps in documentation. Your input can make a difference.

Write API documentation for this function
Learn how to write documentation

Noogle detected

This is a Functor

Learn about functors

Implementation

The following is the current implementation of this function.

{
  # The store path of the derivation is given in $path
  additionalRules ? [ ],
  # TODO: factorize here some other common paths
  # that may emerge from use cases.
  baseRules ? [
    "$path r"
    "$path/etc/** r"
    "$path/share/** mr"
    # Note that not all libraries are prefixed with "lib",
    # eg. glibc-2.30/lib/ld-2.30.so
    "$path/lib/**.so* mr"
    "$path/lib64/**.so* mr"
    # eg. glibc-2.30/lib/gconv/gconv-modules
    "$path/lib/** r"
    "$path/lib64/** r"
    # Internal executables
    "$path/libexec/** ixr"
  ],
  name ? "",
}:
rootPaths:
runCommand ("apparmor-closure-rules" + lib.optionalString (name != "") "-${name}") { } ''
  touch $out
  while read -r path
  do printf >>$out "%s,\n" ${
    lib.concatMapStringsSep " " (x: "\"${x}\"") (baseRules ++ additionalRules)
  }
  done <${closureInfo { inherit rootPaths; }}/store-paths
''