forked from mirrors/nixpkgs
43fc394a5c
Enabling EFI runtime services provides a venue for injecting code into the kernel. When grsecurity is enabled, we close this by default by disabling access to EFI runtime services. The upshot of this is that /sys/firmware/efi/efivars will be unavailable by default (and attempts to mount it will fail). This is not strictly a grsecurity related option, it could be made into a general option, but it seems to be of particular interest to grsecurity users (for non-grsecurity users, there are other, more immediate kernel injection attack dangers to contend with anyway). |
||
|---|---|---|
| .. | ||
| abstractions.xml | ||
| ad-hoc-network-config.xml | ||
| ad-hoc-packages.xml | ||
| adding-custom-packages.xml | ||
| config-file.xml | ||
| config-syntax.xml | ||
| configuration.xml | ||
| customizing-packages.xml | ||
| declarative-packages.xml | ||
| file-systems.xml | ||
| firewall.xml | ||
| grsecurity.xml | ||
| ipv4-config.xml | ||
| ipv6-config.xml | ||
| linux-kernel.xml | ||
| luks-file-systems.xml | ||
| modularity.xml | ||
| network-manager.xml | ||
| networking.xml | ||
| package-mgmt.xml | ||
| ssh.xml | ||
| summary.xml | ||
| user-mgmt.xml | ||
| wireless.xml | ||
| x-windows.xml | ||