43fc394a5c
Enabling EFI runtime services provides a venue for injecting code into the kernel. When grsecurity is enabled, we close this by default by disabling access to EFI runtime services. The upshot of this is that /sys/firmware/efi/efivars will be unavailable by default (and attempts to mount it will fail). This is not strictly a grsecurity related option, it could be made into a general option, but it seems to be of particular interest to grsecurity users (for non-grsecurity users, there are other, more immediate kernel injection attack dangers to contend with anyway). |
||
|---|---|---|
| .. | ||
| doc/manual | ||
| lib | ||
| maintainers | ||
| modules | ||
| tests | ||
| COPYING | ||
| default.nix | ||
| README | ||
| release-combined.nix | ||
| release-small.nix | ||
| release.nix | ||
*** NixOS *** NixOS is a Linux distribution based on the purely functional package management system Nix. More information can be found at http://nixos.org/nixos and in the manual in doc/manual.