3
0
Fork 0
forked from mirrors/nixpkgs
Commit graph

10 commits

Author SHA1 Message Date
Joachim Fasting 39c30a33c1
nixos/tests/hardened: test loading out-of-tree-modules 2019-01-06 13:19:28 +01:00
Joachim Fasting 84fb8820db
nixos/security/misc: factor out protectKernelImage
Introduces the option security.protectKernelImage that is intended to control
various mitigations to protect the integrity of the running kernel
image (i.e., prevent replacing it without rebooting).

This makes sense as a dedicated module as it is otherwise somewhat difficult
to override for hardened profile users who want e.g., hibernation to work.
2018-12-27 15:00:47 +01:00
Joachim Fasting 6a7f02d89d
nixos/hardened: restrict access to nix daemon 2018-11-24 16:06:21 +01:00
Joachim Fasting 62623b60d5
nixos/tests/hardened: fix build by disabling nix.useSandbox 2018-11-24 16:06:18 +01:00
volth 2e979e8ceb [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
xeji 301072dc27 nixos/tests/hardened: fix test (#40745)
failed because `pgrep -u` segfaults when accesss to proc info
is denied on a hardened system.
2018-05-19 08:42:15 +02:00
Joachim Fasting bccaf63067
nixos/hardened test: add failing test-case for deferred mounts 2017-09-22 23:53:27 +02:00
Joachim Fasting 586d04c588
nixos/tests: expand hardened tests 2017-09-16 13:14:07 +02:00
Joachim Fasting a1678269f9
nixos/hardened profile: disable user namespaces at runtime 2017-04-30 15:17:27 +02:00
Joachim Fasting ffa83edf4a
nixos/tests: add tests for exercising various hardening features
This test exercises the linux_hardened kernel along with the various
hardening features (enabled via the hardened profile).

Move hidepid test from misc, so that misc can go back to testing a vanilla
configuration.
2017-04-30 12:05:42 +02:00