nixpkgs/nixos/modules
Martin Weinelt 506bc7ba02
nixos/nginx: update hardening settings
- Set an explicit umask that allows u+rwx and g+r.
- Adds `ProtectControlGroups` and `ProtectKernelLogs`; there should be
  no need to access either.
- Adds `ProtectClock` to prevent write-access to the system clock.
- `ProtectProc` hides processes from other users within the /proc
  filesystem and `ProcSubSet` hides all files/directories unrelated to
  the process management of the unit's process.
- Sets `RemoveIPC`, as there is no SysV or POSIX IPC within nginx that I
  know of.
- Restricts the creation of arbitrary namespaces.
- Adds a reasonable `SystemCallFilter` preventing calls to @privileged,
  @obsolete and others.

And finally applies some sorting based on the order these options appear
in systemd.exec(5).
2021-04-30 18:49:43 +02:00
config nixos/users-groups: check format of passwd entries 2021-04-22 13:18:38 +00:00
hardware Merge pull request #119706 from nyanotech/master 2021-04-24 03:49:09 +02:00
i18n/input-method input methods: add kime 2021-04-19 03:05:07 +09:00
installer nixos-install: fix flake command 2021-04-24 11:49:59 +02:00
misc nixos/misc/ids: reclaim uid for disnix 2021-03-28 21:40:44 +02:00
profiles
programs nixos/flexoptix-app: Add the module 2021-04-17 18:37:10 +02:00
security Merge pull request #116369 from m1cr0man/master 2021-03-23 21:31:42 +01:00
services nixos/nginx: update hardening settings 2021-04-30 18:49:43 +02:00
system Merge pull request #114637 from KaiHa/pr/fix-systemd-boot-builder 2021-04-25 11:35:00 +01:00
tasks nixos/cpu-freq: fix typo in description 2021-04-21 22:03:18 +02:00
testing treewide: use perl.withPackages when possible 2021-03-31 21:35:37 +02:00
virtualisation nixos/hyperv: bail gracefully if device is missing 2021-04-29 09:37:17 +08:00
module-list.nix init duckling service 2021-04-27 10:41:07 -07:00
rename.nix quagga: remove 2021-04-22 12:48:48 +02:00