nixpkgs/nixos/modules/security
Joachim Fasting ea4f371627
nixos/security/misc: expose SMT control option
For the hardened profile disable symmetric multi threading.  There seems to be
no *proven* method of exploiting cache sharing between threads on the same CPU
core, so this may be considered quite paranoid, considering the perf cost.
SMT can be controlled at runtime, however.  This is in keeping with OpenBSD
defaults.

TODO: since SMT is left to be controlled at runtime, changing the option
definition should take effect on system activation.  Write to
/sys/devices/system/cpu/smt/control
2018-12-27 15:00:49 +01:00
..
wrappers nixos/wrappers: remove outdated upgrade code 2018-10-21 15:12:36 +02:00
acme.nix
acme.xml
apparmor-suid.nix apparmor-suid: don't force glibc 2018-10-30 19:50:47 -05:00
apparmor.nix
audit.nix
auditd.nix
ca.nix
chromium-suid-sandbox.nix
dhparams.nix dhparams module: add self as maintainer 2018-10-31 01:05:35 +09:00
duosec.nix
google_oslogin.nix config.security.googleOsLogin: add module 2018-12-21 17:52:37 +01:00
hidepid.nix
hidepid.xml
lock-kernel-modules.nix
misc.nix nixos/security/misc: expose SMT control option 2018-12-27 15:00:49 +01:00
oath.nix
pam.nix security.pam.services.<name?>.: add googleOsLogin(AccountVerification|Authentication) 2018-12-21 17:52:37 +01:00
pam_mount.nix
pam_usb.nix
polkit.nix
prey.nix
rngd.nix nixos/rngd: do not pass --version flag 2018-11-05 10:41:38 +01:00
rtkit.nix
sudo.nix