nixos: audit file_system

2020-05-23 14:54:38 +05:30 · 2020-05-23 14:54:38 +05:30 · 702a51be36
parent cea63690f0
commit 702a51be36
2 changed files with 28 additions and 10 deletions
--- a/nixos-modules/default.nix
+++ b/nixos-modules/default.nix
@ -78,6 +78,7 @@ let
      "vbox5"
      "intel_fb_drv"
      "vfs"
+      "vfs_audit"
      "vfs_ttf"
    ] ++ (with pkgs'; [ base-nova block_router ]);
    extraBinaries = [
@ -91,6 +92,7 @@ let
      "librump_fs.so"
      "libstdcxx.so"
      "libvfs.so"
+      "libvfs_audit.so"
      "libvfs_rump.so"
      "libvfs_ttf.so"
    ];
--- a/nixos-modules/dhall/vbox-host.dhall
+++ b/nixos-modules/dhall/vbox-host.dhall
@ -286,7 +286,7 @@ let rootInit =
                  Child.Attributes::{
                  , binary = "nit_fb"
                  , config = Init.Config::{
-                    , attributes = toMap { xpos = "600", width = "600" }
+                    , attributes = toMap { width = "600", height = "768" }
                    }
                  , provides = [ "Framebuffer", "Input" ]
                  , resources = Resources::{ ram = Genode.units.MiB 8 }
@ -465,13 +465,29 @@ let rootInit =
                          { name = "vfs"
                          , attributes = XML.emptyAttributes
                          , content =
-                            [ XML.leaf
-                                { name = "rump"
-                                , attributes = toMap
-                                    { fs = "ext2fs"
-                                    , writeable = "yes"
-                                    , ram = "8M"
-                                    }
+                            [ XML.element
+                                { name = "dir"
+                                , attributes = toMap { name = "ext2" }
+                                , content =
+                                  [ XML.leaf
+                                      { name = "rump"
+                                      , attributes = toMap
+                                          { fs = "ext2fs"
+                                          , writeable = "yes"
+                                          , ram = "8M"
+                                          }
+                                      }
+                                  ]
+                                }
+                            , XML.element
+                                { name = "dir"
+                                , attributes = toMap { name = "audit" }
+                                , content =
+                                  [ XML.leaf
+                                      { name = "audit"
+                                      , attributes = toMap { path = "ext2" }
+                                      }
+                                  ]
                                }
                            ]
                          }
@ -479,7 +495,7 @@ let rootInit =
                          { name = "policy"
                          , attributes = toMap
                              { label_prefix = "chroot"
-                              , root = "/"
+                              , root = "/audit"
                              , writeable = "yes"
                              }
                          }
@ -487,7 +503,7 @@ let rootInit =
                          { name = "policy"
                          , attributes = toMap
                              { label = "nix"
-                              , root = "/store"
+                              , root = "/audit/store"
                              , writeable = "no"
                              }
                          }