I think the intention of this functionality was to provide a simple
alternative to the "runAsRoot" and "contents" attributes.
The implementation caused very slow builds of Docker images. Almost all
of the build time was spent in IO for tar, due to tarballs being
created, immediately extracted, then recreated. I had 30 minute builds
on some of my images which are now down to less than 2 minutes. A couple
of other users on #nix IRC have observed similar improvements.
The implementation also mutated the produced Docker layers without
changing their hashes. Using non-empty tarballs would produce images
which got cached incorrectly in Docker.
I have a commit which just fixes the performance problem but I opted to
completely remove the tarball feature after I found out that it didn't
correctly implement the Docker Image Specification due to the broken
hashing.

There is no licenses.bsd. Consulting the source reveals that it
uses the language of the ISC license (which is supposed to be equivalent to
the simplified BSD license).

Commit 98d9bba introduced this option as a nullOr type and it actually
checks whether null has been set and only appends -dpi if that's the
case. So let's actually set the default to null instead of 0.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>

Works around failure with gcc5, see
https://hydra.nixos.org/build/34273319/nixlog/1/raw
Not a real fix, but a working build is better than nothing ...
I have tested that the program at least runs: it fails to load a few
plugins, though; I have no idea to what extent that affects use.
Couldn't load plugin 'ricevideo.so':
/nix/store/...-mupen64plus-1.5/share/mupen64plus/plugins/ricevideo.so:
undefined symbol: glCombinerInputNV
Couldn't load plugin 'glN64.so':
/nix/store/...-mupen64plus-1.5/share/mupen64plus/plugins/glN64.so:
undefined symbol: glCombinerInputNV

This module adds an option `security.hideProcessInformation` that, when
enabled, restricts access to process information such as command-line
arguments to the process owner. The module adds a static group "proc"
whose members are exempt from process information hiding.
Ideally, this feature would be implemented by simply adding the
appropriate mount options to `fileSystems."/proc".fsOptions`, but this
was found to not work in vmtests. To ensure that process information
hiding is enforced, we use a systemd service unit that remounts `/proc`
after `systemd-remount-fs.service` has completed.
To verify the correctness of the feature, simple tests were added to
nixos/tests/misc: the test ensures that unprivileged users cannot see
process information owned by another user, while members of "proc" CAN.
Thanks to @abbradar for feedback and suggestions.
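
A check for the property the commit message above cares about, that `/proc` really carries the hiding options once it has been remounted (added example, not code from the commit or from NixOS). It assumes the Linux procfs mount options `hidepid=` and `gid=`, which the message does not name; the sample mount lines and gid 21 are constructed.

```python
import os

# procfs hidepid modes; newer kernels also accept the names.
HIDEPID = {"0": 0, "off": 0, "1": 1, "noaccess": 1,
           "2": 2, "invisible": 2, "4": 4, "ptraceable": 4}

# Constructed sample lines in /proc/self/mounts layout (gid 21 is made up).
BEFORE = "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0\n"
AFTER = "proc /proc proc rw,nosuid,nodev,noexec,relatime,gid=21,hidepid=2 0 0\n"


def proc_mount_policy(mounts_text, mountpoint="/proc"):
    """Return (hidepid_level, exempt_gid) for procfs on mountpoint, or None.

    hidepid_level is None when the option value is not recognised.
    """
    policy = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1] != mountpoint or fields[2] != "proc":
            continue
        level, gid = 0, None  # kernel defaults: nothing hidden, no exempt group
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")
            if key == "hidepid":
                level = HIDEPID.get(value)
            elif key == "gid" and value.isdigit():
                gid = int(value)
        policy = (level, gid)  # a later entry overmounts an earlier one
    return policy


def hiding_enforced(policy):
    """True when other users' /proc/<pid> contents are at least unreadable."""
    return policy is not None and policy[0] is not None and policy[0] >= 1


if __name__ == "__main__":
    for name, text in (("before remount", BEFORE), ("after remount", AFTER)):
        print(name, proc_mount_policy(text), hiding_enforced(proc_mount_policy(text)))
    if os.path.exists("/proc/self/mounts"):
        with open("/proc/self/mounts") as fh:
            live = proc_mount_policy(fh.read())
        print("this host", live, hiding_enforced(live))
```

An unrecognised `hidepid` value is reported as not enforced rather than guessed at, so a monitoring job built on this fails closed.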

from http://www.acme.com/software/thttpd/#releasenotes
New in version 2.27:
- Stats syslogs changed from LOG_INFO to LOG_NOTICE.
- Use memmove() for self-overlapping string copies instead of strcpy().
- Couple of subroutine name changes for consistency.