lxd: Provide apparmor_parser

Previously, lxd would complain about apparmor_parser being missing: lxd[1037]: lvl=warn msg="AppArmor support has been disabled because 'apparmor_parser' couldn't be found" t=2018-11-19T18:32:47-0800 We need to provide a wrapped apparmor_parser that knows where to find <tunables/global>, which is #included by lxd’s generated profiles. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2018-11-19 22:36:56 -08:00 · 2018-11-19 22:36:56 -08:00 · 291499d10e
parent 80738ed9dc
commit 291499d10e
1 changed files with 4 additions and 0 deletions
--- a/pkgs/tools/admin/lxd/default.nix
+++ b/pkgs/tools/admin/lxd/default.nix
@ -2,6 +2,7 @@
 , makeWrapper, acl, rsync, gnutar, xz, btrfs-progs, gzip, dnsmasq
 , squashfsTools, iproute, iptables, ebtables, libcap, dqlite
 , sqlite-replication
+, writeShellScriptBin, apparmor-profiles, apparmor-parser
 }:

 buildGoPackage rec {
@ -31,6 +32,9 @@ buildGoPackage rec {

    wrapProgram $bin/bin/lxd --prefix PATH ":" ${stdenv.lib.makeBinPath [
      acl rsync gnutar xz btrfs-progs gzip dnsmasq squashfsTools iproute iptables ebtables
+      (writeShellScriptBin "apparmor_parser" ''
+        exec '${apparmor-parser}/bin/apparmor_parser' -I '${apparmor-profiles}/etc/apparmor.d' "$@"
+      '')
    ]}
  '';