3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules/security
Joachim Fasting aa24c4e95b
nixos/apparmor: allow reloading profiles without losing confinement
Define ExecReload, otherwise reload implies stop followed by start, which
leaves existing processes in unconfined state [1].

[1]: https://gitlab.com/apparmor/apparmor/wikis/AppArmorInSystemd
2019-04-28 17:38:12 +02:00
..
wrappers nixos/wrappers: remove outdated upgrade code 2018-10-21 15:12:36 +02:00
acme.nix
acme.xml
apparmor-suid.nix apparmor-suid: don't force glibc 2018-10-30 19:50:47 -05:00
apparmor.nix nixos/apparmor: allow reloading profiles without losing confinement 2019-04-28 17:38:12 +02:00
audit.nix
auditd.nix
ca.nix nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
chromium-suid-sandbox.nix
dhparams.nix dhparams module: add self as maintainer 2018-10-31 01:05:35 +09:00
duosec.nix nixos/security: make duo support secure failure correctly 2019-03-17 18:25:20 -07:00
google_oslogin.nix config.security.googleOsLogin: add module 2018-12-21 17:52:37 +01:00
hidepid.nix
hidepid.xml
lock-kernel-modules.nix
misc.nix nixos/hardened: split description of allowUserNamespaces into paras 2019-04-21 13:11:25 +02:00
oath.nix
pam.nix nixos/pam: Add GNOME keyring use_authtok directive to password group 2019-04-14 09:50:22 -04:00
pam_mount.nix
pam_usb.nix
polkit.nix
prey.nix
rngd.nix nixos/rngd: do not pass --version flag 2018-11-05 10:41:38 +01:00
rtkit.nix
sudo.nix nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
systemd-confinement.nix nixos/confinement: Use PrivateMounts option 2019-03-27 20:34:32 +01:00