nixpkgs-suyu/nixos/doc/manual/configuration
Joachim Fasting 43fc394a5c
grsecurity module: disable EFI runtime services by default
Enabling EFI runtime services provides a venue for injecting code into
the kernel.

When grsecurity is enabled, we close this by default by disabling access
to EFI runtime services.  The upshot of this is that
/sys/firmware/efi/efivars will be unavailable by default (and attempts
to mount it will fail).

This is not strictly a grsecurity related option, it could be made into
a general option, but it seems to be of particular interest to
grsecurity users (for non-grsecurity users, there are other, more
immediate kernel injection attack dangers to contend with anyway).
2016-08-02 10:24:49 +02:00
..
abstractions.xml
ad-hoc-network-config.xml
ad-hoc-packages.xml Unify NixOS and Nixpkgs channel structure 2015-08-05 17:37:11 +02:00
adding-custom-packages.xml Manual: Explicitly mark commands that require to be run as root (#15589) 2016-06-01 15:23:32 +01:00
config-file.xml Manual: rephrase definition for indented strings 2016-04-30 16:59:07 +03:00
config-syntax.xml
configuration.xml nixos manual: add chapter on grsecurity/PaX 2016-07-23 19:09:43 +02:00
customizing-packages.xml
declarative-packages.xml Unify NixOS and Nixpkgs channel structure 2015-08-05 17:37:11 +02:00
file-systems.xml
firewall.xml
grsecurity.xml grsecurity module: disable EFI runtime services by default 2016-08-02 10:24:49 +02:00
ipv4-config.xml Revert "Revert "Merge pull request #3182 from wkennington/master.ipv6"" 2014-08-31 09:46:16 -07:00
ipv6-config.xml
linux-kernel.xml Manual: Explicitly mark commands that require to be run as root (#15589) 2016-06-01 15:23:32 +01:00
luks-file-systems.xml Manual: Explicitly mark commands that require to be run as root (#15589) 2016-06-01 15:23:32 +01:00
modularity.xml
network-manager.xml Correct NetworkManager documentation 2015-02-24 22:09:36 +05:00
networking.xml
package-mgmt.xml
ssh.xml
summary.xml Fix typo in recursive set example 2015-01-04 19:28:16 +01:00
user-mgmt.xml Manual: Explicitly mark commands that require to be run as root (#15589) 2016-06-01 15:23:32 +01:00
wireless.xml Manual: Explicitly mark commands that require to be run as root (#15589) 2016-06-01 15:23:32 +01:00
x-windows.xml nixos manual: fix syntax 2016-06-03 19:23:17 +03:00