nixpkgs/nixos/modules/security
Joachim Fasting 0677cc61c8
nixos: rewrite the grsecurity module
The new module is specifically adapted to the NixOS Grsecurity/PaX
kernel.  The module declares the required kernel configurations and
so *should* be somewhat compatible with custom Grsecurity kernels.

The module exposes only a limited number of options, minimising the need
for user intervention beyond enabling the module. For experts,
Grsecurity/PaX behavior may be configured via `boot.kernelParams` and
`boot.kernel.sysctl`.

The module assumes the user knows what she's doing (esp. if she decides
to modify configuration values not directly exposed by the module).

Administration of Grsecurity's role based access control system is yet
to be implemented.
2016-06-14 03:38:12 +02:00
..
acme.nix acme: added option security.acme.preliminarySelfsigned (#15562) 2016-06-01 11:39:46 +01:00
acme.xml acme: added option security.acme.preliminarySelfsigned (#15562) 2016-06-01 11:39:46 +01:00
apparmor-suid.nix apparmor-suid module: fix libcap lib output reference 2016-05-07 21:48:29 +02:00
apparmor.nix nixos: add AppArmor PAM support 2015-07-15 12:40:06 +02:00
audit.nix audit: Disable in containers 2016-01-26 16:25:40 +01:00
ca.nix cacert: fix formatting of example 2016-02-27 22:25:39 +13:00
duosec.nix Fix user-facing typos (mainly in descriptions) 2014-12-30 03:31:03 +01:00
grsecurity.nix nixos: rewrite the grsecurity module 2016-06-14 03:38:12 +02:00
hidepid.nix nixos: add optional process information hiding 2016-04-10 12:27:06 +02:00
oath.nix config.security.oath: new module 2016-02-25 13:52:45 +00:00
pam_mount.nix pam_mount module: integrate pam_mount into PAM of NixOS 2015-07-04 23:42:31 +02:00
pam_usb.nix
pam.nix nixos/i3lock-color: added to pam 2016-05-15 07:47:31 +02:00
polkit.nix nixos systemPackages: rework default outputs 2016-01-28 11:24:18 +01:00
prey.nix nixos: fix some types 2015-09-18 18:48:50 +00:00
rngd.nix nixos/rngd: some fixes 2015-01-06 17:27:07 +03:00
rtkit.nix
setuid-wrapper.c
setuid-wrappers.nix setuid-wrappers: remove config.system.path from the closure 2016-05-23 13:47:23 +01:00
sudo.nix sg: add setuid wrapper. (newgrp is a symlink to sg and was already setuid). 2015-03-30 23:50:45 +01:00