From b99a23648291ab691579ec7d9da9eeb41245b63b Mon Sep 17 00:00:00 2001
From: xenofem
Date: Thu, 30 Jun 2022 13:02:18 -0400
Subject: [PATCH] linux fanotify overlay
---
flake.lock | 27 +++++++++++++++++++++++++++
flake.nix | 24 ++++++++++++++++++++++++
2 files changed, 51 insertions(+)
create mode 100644 flake.lock
create mode 100644 flake.nix
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..f9aa16d
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,27 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1656461576,
+ "narHash": "sha256-rlmmw6lIlkMQIiB+NsnO8wQYWTfle8TA41UREPLP5VY=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..56ab959
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,24 @@
+{
+ description = "Overlay for Linux kernel with fanotify access controls enabled";
+
+ inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+ outputs = { self, nixpkgs }: let
+ pkgs = import nixpkgs { system = "x86_64-linux"; };
+ in rec {
+ packages.x86_64-linux = rec {
+ default = linux-kernel-fanotify;
+ linux-kernel-fanotify = pkgs.linuxPackages.kernel.override {
+ extraConfig = ''
+ FANOTIFY_ACCESS_PERMISSIONS y
+ '';
+ };
+ };
+
+ overlay = final: prev: {
+ linuxPackages_fanotify = pkgs.linuxPackages // {
+ kernel = packages.x86_64-linux.linux-kernel-fanotify;
+ };
+ };
+ };
+}
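Review bot: The `overlay` at the end of flake.nix ignores its `final`/`prev` arguments and builds `linuxPackages_fanotify` from `pkgs`, the x86_64-linux import of this flake's own locked nixpkgs. A system applying the overlay therefore gets a kernel frozen at the revision in flake.lock rather than the one its own nixpkgs provides, and kernel security fixes only arrive when this lock file is bumped. The `pkgs.linuxPackages // { kernel = …; }` merge also replaces only the `kernel` attribute, so the other members of the set are still the ones evaluated against the stock kernel; `linuxPackagesFor` rebuilds the whole set around the overridden kernel. I would derive the kernel from `prev` inside the overlay as shown below, leaving `packages.x86_64-linux` as it is. If the pin is intentional, a comment saying so next to `overlay` would help consumers.

```nix
    # … unchanged: packages.x86_64-linux …
    overlay = final: prev: {
      linuxPackages_fanotify = final.linuxPackagesFor (prev.linuxPackages.kernel.override {
        extraConfig = ''
          FANOTIFY_ACCESS_PERMISSIONS y
        '';
      });
    };
```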