forked from mirrors/nixpkgs
nixpkgs/nixos
aszlig ada3239253
nixos/release-notes: Add entry about confinement
First of all, the reason I added this to the "highlights" section is
that we want users to be aware of these options, because in the end we
really want to decrease the attack surface of NixOS services and this is
a step towards improving that situation.

The reason why I'm adding this to the changelog of the NixOS 19.03
release instead of 19.09 is that it makes backporting services that use
these options easier. Doing the backport of the confinement module after
the official release would mean that it's not part of the release
announcement and potentially could fall under the radar of most users.

These options and the whole module also do not change anything in
existing services or affect other modules, so they're purely optional.

Adding this "last minute" to the 19.03 release doesn't hurt and is
probably a good preparation for the next months where we hopefully
confine as many services as we can :-)

I also have asked @samueldr and @lheckemann, whether they're okay with
the inclusion in 19.03. While so far only @samueldr has accepted the
change, we can still move the changelog entry to the NixOS 19.09 release
notes in case @lheckemann rejects it.

Signed-off-by: aszlig <aszlig@nix.build>
2019-03-27 21:07:07 +01:00
..
doc nixos/release-notes: Add entry about confinement 2019-03-27 21:07:07 +01:00
lib nixos: doc: optionally include all modules in manual generation 2019-03-05 09:41:40 +00:00
maintainers Merge pull request #44573 from vincentbernat/feature/cloudstack 2019-02-24 08:28:42 -08:00
modules nixos/confinement: Use PrivateMounts option 2019-03-27 20:34:32 +01:00
tests nixos/confinement: Allow to include the full unit 2019-03-14 20:04:33 +01:00
COPYING
default.nix
README
release-combined.nix pantheon: init a 5.0 2019-01-24 20:54:14 +00:00
release-small.nix
release.nix nixos/sd-image-aarch64-new-kernel: Added to release 2018-12-26 11:03:32 +00:00

*** NixOS ***

NixOS is a Linux distribution based on the purely functional package
management system Nix.  More information can be found at
http://nixos.org/nixos and in the manual in doc/manual.