nixpkgs/nixos/modules/profiles
Joachim Fasting 63433537ce
nixos/hardened profile: disable legacy virtual syscalls
This eliminates a theoretical risk of ASLR bypass due to the fixed address
mapping used by the legacy vsyscall mechanism.  Modern glibc uses vdso(7)
instead so there is no loss of functionality, but some programs may fail
to run in this configuration.  Programs that fail to run because vsyscall
has been disabled will be logged to dmesg.

For background on virtual syscalls see https://lwn.net/Articles/446528/

Closes https://github.com/NixOS/nixpkgs/pull/25289
2017-04-29 17:27:11 +02:00
all-hardware.nix nixos-generate-config.pl, all-hardware.nix: Add support for Hyper-V 2017-02-05 18:22:26 +09:00
base.nix zfs cannot be distributed. Disabling it in the isos. 2016-12-28 14:57:06 +01:00
clone-config.nix
demo.nix
docker-container.nix treewide: Use correct output in ${config.nix.package}/bin 2016-04-25 16:44:37 +02:00
graphical.nix nixos: fix renaming warning in graphical profile 2017-03-03 07:27:41 -06:00
hardened.nix nixos/hardened profile: disable legacy virtual syscalls 2017-04-29 17:27:11 +02:00
headless.nix
installation-device.nix install-device: correct command to start sshd 2017-01-25 21:09:31 +01:00
minimal.nix nixos: disable sound for minimal ISO 2016-11-23 02:24:13 +01:00
qemu-guest.nix