3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules
Andreas Rammhold 9630d5c07f
nixos/security/wrapper: ensure the tmpfs is not world writeable
The /run/wrapper directory is a tmpfs. Unfortunately, it's mounted with
its root directory has the standard (for tmpfs) mode: 1777 (world writeable,
sticky -- the standard mode of shared temporary directories). This means that
every user can create new files and subdirectories there, but can't
move/delete/rename files that belong to other users.
2020-09-28 22:55:20 +02:00
..
config Merge pull request #93457 from ju1m/apparmor 2020-09-27 13:07:38 +00:00
hardware nvidia-x11.vulkan_beta: init at 450.56.11 (#97882) 2020-09-24 10:53:05 -04:00
i18n/input-method
installer nixos-rebuild: support --upgrade-all and document --upgrade (#83327) 2020-09-25 17:22:11 +02:00
misc nixos/update-users-groups: /etc/shadow owned by root:shadow 2020-09-25 09:38:35 -07:00
profiles nixos/hardened: update blacklisted filesystems 2020-09-27 06:16:58 +00:00
programs programs.neovim: fix documentation (#99023) 2020-09-28 22:42:18 +02:00
security nixos/security/wrapper: ensure the tmpfs is not world writeable 2020-09-28 22:55:20 +02:00
services nixos/molly-brown: refactor module to use a TOML generator 2020-09-28 14:38:31 +02:00
system Merge pull request #98503 from jtojnar/doc-prompts 2020-09-24 22:48:38 +02:00
tasks Revert "Merge #96844: nixos/nfsd: run rpc-statd as a normal user" 2020-09-10 21:31:35 +02:00
testing nixos/testing: remove remaining coverage-data logic 2020-09-05 16:07:59 +02:00
virtualisation Merge pull request #93457 from ju1m/apparmor 2020-09-27 13:07:38 +00:00
module-list.nix programs.neovim: init (#98506) 2020-09-28 17:07:45 +02:00
rename.nix Merge pull request #91256 from prusnak/seeks 2020-09-18 16:32:33 +02:00