mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-18 19:51:17 +00:00
nixpkgs/nixos/modules/security
Lin Jian 759ec1113d
nixos/network-interfaces: stop wrapping ping with cap_net_raw
From systemd 243 release note[1]:

This release enables unprivileged programs (i.e. requiring neither
setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
by turning on the "net.ipv4.ping_group_range" sysctl of the Linux
kernel for the whole UNIX group range, i.e. all processes.

So this wrapper is not needed any more.

See also [2] and [3].

This patch also removes:
- apparmor profiles in NixOS for ping itself and the wrapped one
- other references for the wrapped ping

[1]: 8e2d9d40b3/NEWS (L6457-L6464)
[2]: https://github.com/systemd/systemd/pull/13141
[3]: https://fedoraproject.org/wiki/Changes/EnableSysctlPingGroupRange
2023-09-21 16:52:16 +08:00
acme nixos/acme: rename option credentialsFile to environmentFile 2023-09-11 16:34:20 +00:00
apparmor nixos/network-interfaces: stop wrapping ping with cap_net_raw 2023-09-21 16:52:16 +08:00
wrappers nixos/security/wrappers: remove all the assertions about readlink(/proc/self/exe) 2023-08-27 14:10:38 +02:00
apparmor.nix
audit.nix nixos: fix backticks in Markdown descriptions 2023-01-21 18:08:38 +01:00
auditd.nix
ca.nix nixos/qemu-vm: use CA certificates from host 2023-07-06 21:32:08 +10:00
chromium-suid-sandbox.nix
dhparams.nix
doas.nix doas: refactor config generation 2023-03-17 09:05:08 -07:00
duosec.nix
google_oslogin.nix
ipa.nix treewide: stop using types.string 2023-08-08 21:31:21 +08:00
lock-kernel-modules.nix treewide: use optional instead of 'then []' 2023-06-25 09:11:40 -03:00
misc.nix
oath.nix
pam.nix nixos/pam: fix typo in fscrypt enable option 2023-09-11 12:06:39 +02:00
pam_mount.nix nixos/pam_mount: fix mounts without options (#234026) 2023-05-25 22:45:59 +02:00
pam_usb.nix
please.nix
polkit.nix Revert "nixos/polkit: guard static gid for polkituser behind state version" 2023-02-25 22:32:16 -05:00
rngd.nix
rtkit.nix
sudo.nix nixos/sudo: Guard against security.sudo.package = pkgs.sudo-rs; 2023-09-04 22:00:00 +00:00
systemd-confinement.nix nixos/systemd-confinement: remove unused rootName 2023-01-20 22:39:16 +01:00
tpm2.nix nixos/tpm2: fix typo 2023-05-09 18:02:17 +04:00