mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-22 05:31:22 +00:00
43fc394a5c
Enabling EFI runtime services provides a venue for injecting code into the kernel. When grsecurity is enabled, we close this by default by disabling access to EFI runtime services. The upshot of this is that /sys/firmware/efi/efivars will be unavailable by default (and attempts to mount it will fail). This is not strictly a grsecurity related option, it could be made into a general option, but it seems to be of particular interest to grsecurity users (for non-grsecurity users, there are other, more immediate kernel injection attack dangers to contend with anyway). |
||
|---|---|---|
| .. | ||
| administration | ||
| configuration | ||
| development | ||
| installation | ||
| release-notes | ||
| default.nix | ||
| man-configuration.xml | ||
| man-nixos-build-vms.xml | ||
| man-nixos-generate-config.xml | ||
| man-nixos-install.xml | ||
| man-nixos-option.xml | ||
| man-nixos-rebuild.xml | ||
| man-nixos-version.xml | ||
| man-pages.xml | ||
| manual.xml | ||
| options-to-docbook.xsl | ||
| README | ||
| style.css | ||
To build the manual, you need Nix installed on your system (no need
for NixOS). To install Nix, follow the instructions at
https://nixos.org/nix/download.html
When you have Nix on your system, in the root directory of the project
(i.e., `nixpkgs`), run:
nix-build nixos/release.nix -A manual.x86_64-linux
When this command successfully finishes, it will tell you where the
manual got generated.