cafkafk/nixpkgs
cafkafk/nixpkgs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
nixpkgs/nixos/tests
History
Joachim Fasting cef2814a4f nixos: add optional process information hiding 
This module adds an option `security.hideProcessInformation` that, when
enabled, restricts access to process information such as command-line
arguments to the process owner.  The module adds a static group "proc"
whose members are exempt from process information hiding.

Ideally, this feature would be implemented by simply adding the
appropriate mount options to `fileSystems."/proc".fsOptions`, but this
was found to not work in vmtests. To ensure that process information
hiding is enforced, we use a systemd service unit that remounts `/proc`
after `systemd-remount-fs.service` has completed.

To verify the correctness of the feature, simple tests were added to
nixos/tests/misc: the test ensures that unprivileged users cannot see
process information owned by another user, while members of "proc" CAN.

Thanks to @abbradar for feedback and suggestions.
2016-04-10 12:27:06 +02:00
..
common
avahi.nix avahi: fix test 2016-02-28 16:18:39 +01:00
bittorrent.nix
blivet.nix
boot.nix nixos/tests: Remove tests.boot.boot* prefixes 2016-03-01 19:02:36 +01:00
cadvisor.nix
chromium.nix nixos/tests/chromium: Propagate "system" to pkgs 2016-03-21 03:50:38 +01:00
cjdns.nix Rename 'emery' maintainer handle to 'ehmry', fixes #11493 2015-12-05 23:06:20 +01:00
containers.nix Unify NixOS and Nixpkgs channel structure 2015-08-05 17:37:11 +02:00
dnscrypt-proxy.nix dnscrypt-proxy vmtest: more specific waitForUnit 2016-03-24 17:14:22 +01:00
docker-registry.nix
docker.nix nixos/tests: fix docker test 2016-03-19 03:18:17 +01:00
ec2.nix Fix the boot-ec2-config test 2016-03-30 22:22:40 +02:00
etcd.nix etcd service: fix tests 2015-09-06 14:44:13 +02:00
firefox.nix Fix tests that use the Valgrind docs 2015-08-28 13:27:51 +02:00
firewall.nix nixos/tests/firewall.nix: ping now succeeds in the firewall's default configuration 2016-03-18 11:44:07 +01:00
fleet.nix
gitlab.nix
gnome3-gdm.nix nixos tests: add gdm test 2015-09-15 14:25:36 +02:00
gnome3.nix gnome3 test: increase timeout 2015-10-05 22:10:40 -06:00
grsecurity.nix grsecurity: add NixOS VM test 2016-01-24 04:06:19 +00:00
haka.nix haka: very basic testing 2016-01-23 01:20:14 +01:00
i3wm.nix
influxdb.nix
initrd-network.nix boot.initrd.network: Support DHCP 2016-02-02 19:59:27 +01:00
installer.nix nixos.tests.installer.swraid: mdadm verbosity 2016-03-28 14:00:00 -05:00
ipv6.nix
jenkins.nix
kde4.nix Fix tests that use the Valgrind docs 2015-08-28 13:27:51 +02:00
kexec.nix
keymap.nix nixos/tests: Add a test for keyboard layouts 2016-03-31 09:49:08 +02:00
kubernetes.nix
lightdm.nix nixos/tests/lightdm: Drop "session" screenshot. 2015-08-20 12:57:40 +02:00
login.nix
logstash.nix logstash service: fix tests 2015-09-06 15:20:56 +02:00
make-test.nix Add filesystem option to automatically grow to the maximum size 2015-09-24 19:59:44 +02:00
mathics.nix nixos/mathics: New service and test 2016-01-02 14:34:55 -08:00
mesos.nix
misc.nix nixos: add optional process information hiding 2016-04-10 12:27:06 +02:00
mpich-example.c
mpich.nix
mumble.nix
munin.nix
mysql-replication.nix
mysql.nix
nat.nix
networking-proxy.nix
networking.nix nixos/tests/networking: Expose subtests via attrs 2016-03-01 01:04:42 +01:00
nfs.nix filesystems: use list of strings for fs options 2016-02-06 19:48:30 +00:00
nsd.nix
openssh.nix nixos/tests/openssh: Fix test by using safe public keys 2015-08-12 11:16:26 -07:00
panamax.nix
partition.nix btrfsProgs -> canonical btrfs-progs 2016-01-03 20:38:44 +01:00
peerflix.nix
phabricator.nix
postgresql.nix nixos: add test for postgresql, fixes #11146 2016-01-20 03:42:59 +01:00
printing.nix nixos.tests.printing: fix for new CUPS version 2016-02-22 12:42:06 +03:00
proxy.nix Make proxy test more robust 2015-08-31 18:36:32 +02:00
pump.io.nix nixos tests: pump.io: init 2015-12-06 13:35:21 +00:00
quake3.nix nixos/tests/quake3: Don't quote +set arguments 2016-01-16 01:13:36 +01:00
rabbitmq.nix
riak.nix remove elrangR15 and riak 1.3.0 as they're outdated 2016-03-22 21:40:07 +00:00
run-in-machine.nix
sddm-kde5.nix nixos/tests: test SDDM with KDE 5 enabled 2015-12-11 07:09:08 -06:00
sddm.nix add nixos/tests/sddm 2015-11-23 06:39:19 -06:00
simple.nix nixos/tests/simple.nix: Include minimal.nix 2016-02-12 14:35:41 +01:00
slurm.nix slurm service: add tests 2015-12-25 15:55:07 +01:00
subversion.nix
test-config-examples.sh
testdb.sql
tomcat.nix
trac.nix
udisks2.nix
virtualbox.nix nixos/tests/virtualbox: Split up subtests 2016-02-29 20:15:31 +01:00
xfce.nix