nixpkgs/nixos
Austin Seipp 64efd184ed grsecurity: Fix GRKERNSEC_PROC restrictions
Previously we were setting GRKERNSEC_PROC_USER y, which was a little bit
too strict. It doesn't allow a special group (e.g. the grsecurity group
users) to access /proc information - this requires
GRKERNSEC_PROC_USERGROUP y, and the two are mutually exclusive.

This was also not in line with the default automatic grsecurity
configuration - it actually defaults to USERGROUP (although it has a
default GID of 1001 instead of ours), not USER.

This introduces a new option restrictProcWithGroup - enabled by default
- which turns on GRKERNSEC_PROC_USERGROUP instead. It also turns off
restrictProc by default and makes sure both cannot be enabled.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 11:16:05 -05:00
..
doc Merge branch 'containers' 2014-04-10 15:55:51 +02:00
gui
lib Disable allowUnfree by default 2014-04-09 00:09:31 +02:00
maintainers Add all AWS regions to EBS AMI creation script. 2014-02-11 13:26:46 +01:00
modules grsecurity: Fix GRKERNSEC_PROC restrictions 2014-04-12 11:16:05 -05:00
tests Fix tests broken due to the firewall being enabled by default 2014-04-11 17:16:44 +02:00
COPYING
default.nix
README
release-combined.nix Add a regression test for udisks 2014-04-07 13:22:12 +02:00
release.nix Move generation of coverage reports from nixos/lib/testing to releaseTools 2014-03-03 13:57:08 +01:00

*** NixOS ***

NixOS is a Linux distribution based on the purely functional package
management system Nix.  More information can be found at
http://nixos.org/nixos and in the manual in doc/manual.