nixpkgs/nixos/modules/security
Austin Seipp 64efd184ed grsecurity: Fix GRKERNSEC_PROC restrictions
Previously we were setting GRKERNSEC_PROC_USER y, which was a little bit
too strict. It doesn't allow a special group (e.g. the grsecurity group
users) to access /proc information - this requires
GRKERNSEC_PROC_USERGROUP y, and the two are mutually exclusive.

This was also not in line with the default automatic grsecurity
configuration - it actually defaults to USERGROUP (although it has a
default GID of 1001 instead of ours), not USER.

This introduces a new option restrictProcWithGroup - enabled by default
- which turns on GRKERNSEC_PROC_USERGROUP instead. It also turns off
restrictProc by default and makes sure both cannot be enabled.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-12 11:16:05 -05:00
..
apparmor-suid.nix
apparmor.nix Remove uses of the "merge" option attribute 2013-10-28 22:45:56 +01:00
ca.nix Remove /etc/ca-bundle.crt 2014-02-11 17:13:36 +01:00
duosec.nix nixos: add Duo Security module 2014-03-16 07:11:50 -05:00
grsecurity.nix grsecurity: Fix GRKERNSEC_PROC restrictions 2014-04-12 11:16:05 -05:00
pam.nix Add lots of missing option types 2013-10-30 18:47:43 +01:00
pam_usb.nix Add lots of missing option types 2013-10-30 18:47:43 +01:00
polkit.nix polkit: Add some examples 2013-11-18 18:04:17 +01:00
prey.nix
rngd.nix Add lots of missing option types 2013-10-30 18:47:43 +01:00
rtkit.nix Add lots of missing option types 2013-10-30 18:47:43 +01:00
setuid-wrapper.c
setuid-wrappers.nix Add lots of missing option types 2013-10-30 18:47:43 +01:00
sudo.nix Add lots of missing option types 2013-10-30 18:47:43 +01:00