nixos/apparmor: allow closure of selected mallocLib, fixes #125415

2021-06-06 17:30:45 +02:00 · 2021-06-06 17:30:45 +02:00 · 22e52be3b3
commit 22e52be3b3
parent c43e0f4873
1 changed files with 4 additions and 1 deletions
--- a/nixos/modules/config/malloc.nix
+++ b/nixos/modules/config/malloc.nix
@ -91,7 +91,10 @@ in
      "abstractions/base" = ''
        r /etc/ld-nix.so.preload,
        r ${config.environment.etc."ld-nix.so.preload".source},
-        mr ${providerLibPath},
+        include "${pkgs.apparmorRulesFromClosure {
+            name = "mallocLib";
+            baseRules = ["mr $path/lib/**.so*"];
+          } [ mallocLib ] }"
      '';
    };
  };