nixpkgs/nixos/modules/security
Robert Obryk e3550208de nixos/security/wrappers: read capabilities off /proc/self/exe directly
/proc/self/exe is a "fake" symlink. When it's opened, it always opens
the actual file that was execve()d in this process, even if the file was
deleted or renamed; if the file is no longer accessible from the current
chroot/mount namespace it will at the very worst fail and never open the
wrong file. Thus, we can make a much simpler argument that we're reading
capabilities off the correct file after this change (and that argument
doesn't rely on things such as protected_hardlinks being enabled, or no
users being able to write to /run/wrappers, or the verification that the
path readlink returns starts with /run/wrappers/).
2023-08-27 14:10:38 +02:00
acme security/acme: Fix listenHTTP bug with IPv6 addresses 2023-05-14 20:27:52 -04:00
apparmor nixos/apparmor: support custom i18n glibc locales 2023-07-12 21:38:31 +02:00
wrappers nixos/security/wrappers: read capabilities off /proc/self/exe directly 2023-08-27 14:10:38 +02:00
apparmor.nix nixos: fix typos 2022-12-17 19:31:14 -05:00
audit.nix nixos: fix backticks in Markdown descriptions 2023-01-21 18:08:38 +01:00
auditd.nix nixos/*: automatically convert option descriptions 2022-08-31 16:32:53 +02:00
ca.nix nixos/qemu-vm: use CA certificates from host 2023-07-06 21:32:08 +10:00
chromium-suid-sandbox.nix treewide: automatically md-convert option descriptions 2022-07-30 15:16:34 +02:00
dhparams.nix nixos/*: convert options with admonitions to MD 2022-08-31 16:36:16 +02:00
doas.nix doas: refactor config generation 2023-03-17 09:05:08 -07:00
duosec.nix treewide: automatically md-convert option descriptions 2022-07-30 15:16:34 +02:00
google_oslogin.nix treewide: automatically md-convert option descriptions 2022-07-30 15:16:34 +02:00
ipa.nix treewide: stop using types.string 2023-08-08 21:31:21 +08:00
lock-kernel-modules.nix treewide: use optional instead of 'then []' 2023-06-25 09:11:40 -03:00
misc.nix nixos/*: convert varlist-using options to MD 2022-08-31 16:32:53 +02:00
oath.nix treewide: automatically md-convert option descriptions 2022-07-30 15:16:34 +02:00
pam_mount.nix nixos/pam_mount: fix mounts without options (#234026) 2023-05-25 22:45:59 +02:00
pam_usb.nix nixos/*: automatically convert option docs to MD 2022-08-03 22:46:41 +02:00
pam.nix security/pam: add umask option to configure pam_mkhomedir 2023-08-10 20:35:08 -04:00
please.nix nixos/please: init module 2022-10-15 07:05:10 -07:00
polkit.nix Revert "nixos/polkit: guard static gid for polkituser behind state version" 2023-02-25 22:32:16 -05:00
rngd.nix nixos/rngd: Remove module entirely, leave an explanation 2021-02-21 01:32:50 +01:00
rtkit.nix treewide: automatically md-convert option descriptions 2022-07-30 15:16:34 +02:00
sudo.nix treewide: use optional instead of 'then []' 2023-06-25 09:11:40 -03:00
systemd-confinement.nix nixos/systemd-confinement: remove unused rootName 2023-01-20 22:39:16 +01:00
tpm2.nix nixos/tpm2: fix typo 2023-05-09 18:02:17 +04:00