colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
eadffd9154
nixpkgs/nixos/modules/security
History
Jörg Thalheim eadffd9154
nixos/wrappers: fix applying capabilities 
With libcap 2.41 the output of cap_to_text changed, also the original
author of code hoped that this would never happen.
To counter this now the security-wrapper only relies on the syscall
ABI, which is more stable and robust than string parsing. If new
breakages occur this will be more obvious because version numbers will
be incremented.
Furthermore all errors no make execution explicitly fail instead of
hiding errors behind debug environment variables and the code style was
more consistent with no goto fail; goto fail; vulnerabilities (https://gotofail.com/)
2021-01-14 08:46:57 +01:00
..
wrappers nixos/wrappers: fix applying capabilities 2021-01-14 08:46:57 +01:00
acme.nix Merge pull request #101482 from m1cr0man/jwsfix 2020-12-20 11:06:19 +01:00
acme.xml nixos/acme: fix typo in docs 2020-12-28 13:19:15 +01:00
apparmor-suid.nix Revert "apparmor: fix and improve the service" 2020-10-07 12:22:18 +02:00
apparmor.nix Revert "apparmor: fix and improve the service" 2020-10-07 12:22:18 +02:00
audit.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
auditd.nix auditd service: make more useful 2019-06-10 18:55:11 +03:00
ca.nix nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
chromium-suid-sandbox.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
dhparams.nix dhparams module: add self as maintainer 2018-10-31 01:05:35 +09:00
doas.nix nixos/doas: add noLog option 2020-11-14 19:16:56 -08:00
duosec.nix treewide: fix modules options types where the default is null 2020-04-28 19:13:59 +02:00
google_oslogin.nix nixos/google-oslogin: add to system.nssDatabases.group too 2020-05-11 16:14:50 +02:00
hidepid.nix systemd: switch to unified cgroup hierarchy by default 2020-11-19 16:56:46 +01:00
hidepid.xml Revert "nixos/doc: re-format" 2019-09-19 19:17:30 +02:00
lock-kernel-modules.nix nixos/lock-kernel-modules: add myself to maintainers 2018-10-15 01:33:30 +02:00
misc.nix nixos/security/misc: add option unprivilegedUsernsClone 2020-08-25 14:18:24 +03:00
oath.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
pam_mount.nix utillinux: rename to util-linux 2020-11-24 12:42:06 -05:00
pam_usb.nix [bot] treewide: remove unused 'inherit' in let blocks 2018-07-20 19:38:19 +00:00
pam.nix nixos/pam: use pam_faillock instead of pam_tally 2021-01-03 15:54:23 +01:00
polkit.nix nixos/polkit: remove root from adminIdentities 2019-12-09 19:11:09 -05:00
rngd.nix nixos/modules/security/rngd: Disable by default 2020-09-09 21:51:25 -04:00
rtkit.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
sudo.nix nixos/sudo: add package option 2020-10-01 13:00:52 +02:00
systemd-confinement.nix confinement: fix assert for serviceConfig.ProtectSystem 2020-10-14 11:56:18 +02:00
tpm2.nix nixos: remove StandardOutput=syslog, StandardError=syslog lines 2020-08-13 18:49:15 +02:00