nixpkgs

History

Joachim Fasting cef2814a4f nixos: add optional process information hiding This module adds an option `security.hideProcessInformation` that, when enabled, restricts access to process information such as command-line arguments to the process owner. The module adds a static group "proc" whose members are exempt from process information hiding. Ideally, this feature would be implemented by simply adding the appropriate mount options to `fileSystems."/proc".fsOptions`, but this was found to not work in vmtests. To ensure that process information hiding is enforced, we use a systemd service unit that remounts `/proc` after `systemd-remount-fs.service` has completed. To verify the correctness of the feature, simple tests were added to nixos/tests/misc: the test ensures that unprivileged users cannot see process information owned by another user, while members of "proc" CAN. Thanks to @abbradar for feedback and suggestions.		2016-04-10 12:27:06 +02:00
..
acme.nix	simp_le: external_pem.sh plugin is now called external.sh	2016-02-26 01:31:58 +01:00
acme.xml	nixos/acme: Add module documentation	2015-12-12 16:06:53 +01:00
apparmor-suid.nix
apparmor.nix
audit.nix	audit: Disable in containers	2016-01-26 16:25:40 +01:00
ca.nix	cacert: fix formatting of example	2016-02-27 22:25:39 +13:00
duosec.nix
grsecurity.nix	fix installer tests #13559	2016-03-12 20:19:40 +00:00
hidepid.nix	nixos: add optional process information hiding	2016-04-10 12:27:06 +02:00
oath.nix	config.security.oath: new module	2016-02-25 13:52:45 +00:00
pam.nix	config.security.oath: new module	2016-02-25 13:52:45 +00:00
pam_mount.nix
pam_usb.nix
polkit.nix
prey.nix	nixos: fix some types	2015-09-18 18:48:50 +00:00
rngd.nix
rtkit.nix
setuid-wrapper.c
setuid-wrappers.nix
sudo.nix