mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-11-25 15:11:35 +00:00
43fc394a5c
Enabling EFI runtime services provides a venue for injecting code into the kernel. When grsecurity is enabled, we close this by default by disabling access to EFI runtime services. The upshot of this is that /sys/firmware/efi/efivars will be unavailable by default (and attempts to mount it will fail). This is not strictly a grsecurity related option, it could be made into a general option, but it seems to be of particular interest to grsecurity users (for non-grsecurity users, there are other, more immediate kernel injection attack dangers to contend with anyway). |
||
---|---|---|
.. | ||
abstractions.xml | ||
ad-hoc-network-config.xml | ||
ad-hoc-packages.xml | ||
adding-custom-packages.xml | ||
config-file.xml | ||
config-syntax.xml | ||
configuration.xml | ||
customizing-packages.xml | ||
declarative-packages.xml | ||
file-systems.xml | ||
firewall.xml | ||
grsecurity.xml | ||
ipv4-config.xml | ||
ipv6-config.xml | ||
linux-kernel.xml | ||
luks-file-systems.xml | ||
modularity.xml | ||
network-manager.xml | ||
networking.xml | ||
package-mgmt.xml | ||
ssh.xml | ||
summary.xml | ||
user-mgmt.xml | ||
wireless.xml | ||
x-windows.xml |