cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
nixpkgs/nixos/modules/security
History
Joachim Fasting d4d7bfe07b
grsecurity: add option to disable chroot caps restriction 
The chroot caps restriction disallows chroot'ed processes from running
any command that requires `CAP_SYS_ADMIN`, breaking `nixos-rebuild`. See
e.g., https://github.com/NixOS/nixpkgs/issues/15293

This significantly weakens chroot protections, but to break
nixos-rebuild out of the box is too severe.
2016-05-10 16:17:08 +02:00
..
acme.nix acme.nix: Fix unit descriptions 2016-04-18 14:20:49 +02:00
acme.xml nixos/acme: Add module documentation 2015-12-12 16:06:53 +01:00
apparmor-suid.nix apparmor-suid module: fix libcap lib output reference 2016-05-07 21:48:29 +02:00
apparmor.nix nixos: add AppArmor PAM support 2015-07-15 12:40:06 +02:00
audit.nix audit: Disable in containers 2016-01-26 16:25:40 +01:00
ca.nix cacert: fix formatting of example 2016-02-27 22:25:39 +13:00
duosec.nix
grsecurity.nix grsecurity: add option to disable chroot caps restriction 2016-05-10 16:17:08 +02:00
hidepid.nix nixos: add optional process information hiding 2016-04-10 12:27:06 +02:00
oath.nix config.security.oath: new module 2016-02-25 13:52:45 +00:00
pam.nix config.security.oath: new module 2016-02-25 13:52:45 +00:00
pam_mount.nix pam_mount module: integrate pam_mount into PAM of NixOS 2015-07-04 23:42:31 +02:00
pam_usb.nix
polkit.nix nixos systemPackages: rework default outputs 2016-01-28 11:24:18 +01:00
prey.nix nixos: fix some types 2015-09-18 18:48:50 +00:00
rngd.nix
rtkit.nix
setuid-wrapper.c
setuid-wrappers.nix nixos/setuid-wrappers: Build with normal mkDerivation phases 2015-10-03 14:08:55 +02:00
sudo.nix