diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
-index da8fdd1a64a..45e953cd4ad 100644
+index 6270ac778ae..57f3dda64cd 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
-@@ -4657,7 +4657,7 @@
+@@ -4779,7 +4779,7 @@
name = "Julien Dehos";
};
julm = {
githubId = 21160136;
name = "Julien Moutinho";
diff --git a/nixos/doc/manual/release-notes/rl-2105.xml b/nixos/doc/manual/release-notes/rl-2105.xml
-index 6dd14d6051e..dd638259936 100644
+index b7947293c01..8abee64734d 100644
--- a/nixos/doc/manual/release-notes/rl-2105.xml
+++ b/nixos/doc/manual/release-notes/rl-2105.xml
-@@ -662,6 +662,23 @@ self: super:
+@@ -795,6 +795,23 @@ environment.systemPackages = [
The option's description was incorrect regarding ownership management and has been simplified greatly.
</para>
</listitem>
};
}
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
-index 3055459e781..d9cc86fcd4e 100644
+index 4a63a09ab84..43f052d150e 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
-@@ -199,7 +199,6 @@
+@@ -201,7 +201,6 @@
./rename.nix
./security/acme.nix
./security/apparmor.nix
./security/auditd.nix
./security/ca.nix
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
-index 680fa40b911..99b2632e254 100644
+index 00aafc6831b..3f8f78f012a 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
-@@ -38,6 +38,7 @@ with lib;
+@@ -36,6 +36,7 @@ with lib;
security.virtualisation.flushL1DataCache = mkDefault "always";
security.apparmor.enable = mkDefault true;
};
}
diff --git a/nixos/modules/virtualisation/lxd.nix b/nixos/modules/virtualisation/lxd.nix
-index 4b2adf4cc69..335dc67673f 100644
+index 96e8d68ae50..6b6f4b6e652 100644
--- a/nixos/modules/virtualisation/lxd.nix
+++ b/nixos/modules/virtualisation/lxd.nix
-@@ -83,11 +83,15 @@ in {
+@@ -97,11 +97,17 @@ in {
+ # does a bunch of unrelated things.
+ systemd.tmpfiles.rules = [ "d /var/lib/lxc/rootfs 0755 root root -" ];
- security.apparmor = {
- enable = true;
-- profiles = [
-- "${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start"
-- "${cfg.lxcPackage}/etc/apparmor.d/lxc-containers"
-- ];
- packages = [ cfg.lxcPackage ];
+- security.apparmor.packages = [ cfg.lxcPackage ];
+- security.apparmor.profiles = [
+- "${cfg.lxcPackage}/etc/apparmor.d/lxc-containers"
+- "${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start"
+- ];
++ security.apparmor = {
++ packages = [ cfg.lxcPackage ];
+ policies = {
+ "bin.lxc-start".profile = ''
+ include ${cfg.lxcPackage}/etc/apparmor.d/usr.bin.lxc-start
+ include ${cfg.lxcPackage}/etc/apparmor.d/lxc-containers
+ '';
+ };
- };
++ };
# TODO: remove once LXD gets proper support for cgroupsv2
+ # (currently most of the e.g. CPU accounting stuff doesn't work)
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
-index c31a20e5408..c2e864e551f 100644
+index fb45ec1a310..957d052ace1 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -25,6 +25,7 @@ in
+ '';
+})
diff --git a/pkgs/applications/networking/p2p/transmission/default.nix b/pkgs/applications/networking/p2p/transmission/default.nix
-index 8cc674b1ea7..bf09c4be1db 100644
+index 7e8b6b671cd..b2519eb2fa0 100644
--- a/pkgs/applications/networking/p2p/transmission/default.nix
+++ b/pkgs/applications/networking/p2p/transmission/default.nix
@@ -20,6 +20,7 @@
description = "Collection of common network programs";
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
-index c4c0ba9a7b6..c212d004e39 100644
+index 8dfaf25fc04..3c055686e2e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
-@@ -18758,7 +18758,7 @@ in
+@@ -19105,7 +19105,7 @@ in
inherit (callPackages ../os-specific/linux/apparmor { python = python3; })
libapparmor apparmor-utils apparmor-bin-utils apparmor-parser apparmor-pam
sourcephile / git / sourcephile-nix.git / blobdiff