3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules/security
Joachim Fasting e99228db30
grsecurity module: force a known good kernel package set
Previously, we would only set a default value, on the theory that
`boot.kernelPackages` could be used to sanely configure a custom grsec
kernel.  Regrettably, this is not the case and users who expect e.g.,
`boot.kernelPackages = pkgs.linuxPackages_latest` to work will end up
with a non-grsec kernel (this problem has come up twice on the bug
tracker recently).

With this patch, `security.grsecurity.enable = true` implies
`boot.kernelPackages = linuxPackages_grsec_nixos` and any customization
must be done via package override or by eschewing the module.
2016-11-28 12:11:04 +01:00
..
acme.nix nixos.acme: make timer persistent 2016-10-03 19:31:42 +02:00
acme.xml acme: we do want to support ipv4 afterall 2016-10-21 13:25:11 +02:00
apparmor-suid.nix apparmor-suid module: fix libcap lib output reference 2016-05-07 21:48:29 +02:00
apparmor.nix
audit.nix audit module: only enable service if kernel has audit (#19569) 2016-10-15 16:03:41 +02:00
ca.nix cacerts: refactor, add blacklist option 2016-10-09 02:00:18 +02:00
chromium-suid-sandbox.nix chromium-suid-sandbox module: fix description 2016-08-08 10:17:31 +03:00
duosec.nix duosec module: use enum 2016-11-16 22:36:05 +09:00
grsecurity.nix grsecurity module: force a known good kernel package set 2016-11-28 12:11:04 +01:00
grsecurity.xml grsecurity module: force a known good kernel package set 2016-11-28 12:11:04 +01:00
hidepid.nix hidepid module: detailed description to external doc 2016-09-15 15:36:03 +02:00
hidepid.xml hidepid module: detailed description to external doc 2016-09-15 15:36:03 +02:00
oath.nix config.security.oath: new module 2016-02-25 13:52:45 +00:00
pam.nix Revert "nixos/pam: clean up generated files (no functional change) (#18580)" 2016-09-17 16:39:49 -05:00
pam_mount.nix
pam_usb.nix
polkit.nix
prey.nix
rngd.nix rngd: update modalias to match cpu type 2016-09-17 18:36:57 -07:00
rtkit.nix
setuid-wrapper.c
setuid-wrappers.nix setuid-wrappers: correctly umount the tmpfs 2016-09-04 17:56:00 +02:00
sudo.nix sudo: Allow root to use sudo to switch groups 2016-09-13 23:15:56 +10:00