3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos
Joachim Fasting 43fc394a5c
grsecurity module: disable EFI runtime services by default
Enabling EFI runtime services provides a venue for injecting code into
the kernel.

When grsecurity is enabled, we close this by default by disabling access
to EFI runtime services.  The upshot of this is that
/sys/firmware/efi/efivars will be unavailable by default (and attempts
to mount it will fail).

This is not strictly a grsecurity related option, it could be made into
a general option, but it seems to be of particular interest to
grsecurity users (for non-grsecurity users, there are other, more
immediate kernel injection attack dangers to contend with anyway).
2016-08-02 10:24:49 +02:00
..
doc/manual grsecurity module: disable EFI runtime services by default 2016-08-02 10:24:49 +02:00
lib nixos: throw an error on invalid shell package 2016-07-04 15:12:27 +01:00
maintainers Add AMIs in ap-northeast-2 and ap-south-1 2016-07-12 17:26:25 +02:00
modules grsecurity module: disable EFI runtime services by default 2016-08-02 10:24:49 +02:00
tests containers: add myself to the maintainers of the tests 2016-07-28 23:06:41 +02:00
COPYING
default.nix nix: Add a "dev" output 2016-04-18 21:13:18 +02:00
README
release-combined.nix Remove nixos.tests.boot.biosUsb.* as release blockers 2016-07-21 11:44:55 +02:00
release-small.nix containers: test imperative and ipv4 in small-release (#15015) 2016-04-26 22:38:47 +02:00
release.nix release.nix: refactor with fileContents 2016-08-01 18:35:26 +09:00

*** NixOS ***

NixOS is a Linux distribution based on the purely functional package
management system Nix.  More information can be found at
http://nixos.org/nixos and in the manual in doc/manual.