nixpkgs

mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-16 06:45:16 +01:00

History

Joachim Fasting 43fc394a5c grsecurity module: disable EFI runtime services by default Enabling EFI runtime services provides a venue for injecting code into the kernel. When grsecurity is enabled, we close this by default by disabling access to EFI runtime services. The upshot of this is that /sys/firmware/efi/efivars will be unavailable by default (and attempts to mount it will fail). This is not strictly a grsecurity related option, it could be made into a general option, but it seems to be of particular interest to grsecurity users (for non-grsecurity users, there are other, more immediate kernel injection attack dangers to contend with anyway).		2016-08-02 10:24:49 +02:00
..
acme.nix	Escape all shell arguments uniformly	2016-06-12 18:11:37 +01:00
acme.xml	acme: added option `security.acme.preliminarySelfsigned` (#15562 )	2016-06-01 11:39:46 +01:00
apparmor-suid.nix	apparmor-suid module: fix libcap lib output reference	2016-05-07 21:48:29 +02:00
apparmor.nix
audit.nix	audit: Disable in containers	2016-01-26 16:25:40 +01:00
ca.nix	cacert: fix formatting of example	2016-02-27 22:25:39 +13:00
duosec.nix
grsecurity.nix	grsecurity module: disable EFI runtime services by default	2016-08-02 10:24:49 +02:00
hidepid.nix	nixos: add optional process information hiding	2016-04-10 12:27:06 +02:00
oath.nix	config.security.oath: new module	2016-02-25 13:52:45 +00:00
pam.nix	nixos/i3lock-color: added to pam	2016-05-15 07:47:31 +02:00
pam_mount.nix
pam_usb.nix
polkit.nix	nixos systemPackages: rework default outputs	2016-01-28 11:24:18 +01:00
prey.nix
rngd.nix
rtkit.nix
setuid-wrapper.c
setuid-wrappers.nix	setuid-wrappers: remove config.system.path from the closure	2016-05-23 13:47:23 +01:00
sudo.nix