linux fanotify overlay

flake.lock

@@ -0,0 +1,27 @@
+{
+  "nodes": {
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1656461576,
+        "narHash": "sha256-rlmmw6lIlkMQIiB+NsnO8wQYWTfle8TA41UREPLP5VY=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "cf3ab54b4afe2b7477faa1dd0b65bf74c055d70c",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "nixpkgs": "nixpkgs"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}

flake.nix

@@ -0,0 +1,24 @@
+{
+  description = "Overlay for Linux kernel with fanotify access controls enabled";
+
+  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+
+  outputs = { self, nixpkgs }: let
+    pkgs = import nixpkgs { system = "x86_64-linux"; };
+  in rec {
+    packages.x86_64-linux = rec {
+      default = linux-kernel-fanotify;
+      linux-kernel-fanotify = pkgs.linuxPackages.kernel.override {
+        extraConfig = ''
+          FANOTIFY_ACCESS_PERMISSIONS y
+        '';
+      };
+    };
+
+    overlay = final: prev: {
+      linuxPackages_fanotify = pkgs.linuxPackages // {
+        kernel = packages.x86_64-linux.linux-kernel-fanotify;
+      };
+    };
+  };
+}