From 13f7a67edde59f670e455a13556b41738b8e31dc Mon Sep 17 00:00:00 2001
From: Glen Goodwin <glen.goodwin1992@gmail.com>
Date: Thu, 28 Sep 2023 00:41:01 -0400
Subject: [PATCH] apparmor

---
 hosts/thinkpad/apparmor.nix | 5 +++++
 hosts/thinkpad/default.nix  | 1 +
 2 files changed, 6 insertions(+)
 create mode 100644 hosts/thinkpad/apparmor.nix

diff --git a/hosts/thinkpad/apparmor.nix b/hosts/thinkpad/apparmor.nix
new file mode 100644
index 0000000..dd96254
--- /dev/null
+++ b/hosts/thinkpad/apparmor.nix
@@ -0,0 +1,5 @@
+{ ... }:
+{
+  security.apparmor.enable = true;
+  security.apparmor.killUnconfinedConfinables = true;
+}
diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix
index 60c9b95..f61a1b8 100644
--- a/hosts/thinkpad/default.nix
+++ b/hosts/thinkpad/default.nix
@@ -10,6 +10,7 @@
     [ (import ./kernel.nix) ] ++
     [ (import ./auditd.nix) ] ++
     [ (import ./openssh.nix) ] ++
+    [ (import ./apparmor.nix) ] ++
     [ (import ../../modules/desktop/hyprland/default.nix) ]; # Window Manager
 
   hardware.sane = {