nixpkgs-suyu/nixos/modules
Joachim Fasting 43fc394a5c
grsecurity module: disable EFI runtime services by default
Enabling EFI runtime services provides a venue for injecting code into
the kernel.

When grsecurity is enabled, we close this by default by disabling access
to EFI runtime services.  The upshot of this is that
/sys/firmware/efi/efivars will be unavailable by default (and attempts
to mount it will fail).

This is not strictly a grsecurity-related option; it could be made into
a general option, but it seems to be of particular interest to
grsecurity users (for non-grsecurity users, there are other, more
immediate kernel injection attack dangers to contend with anyway).
2016-08-02 10:24:49 +02:00
config nixos/pulseaudio: increase service restart time 2016-07-30 23:42:54 +02:00
hardware nixos ati_unfree: auto-switch xorg to fglrxComat 2016-05-23 10:12:44 +02:00
i18n/input-method fcitx: refactor (#16858) 2016-07-11 17:50:22 +02:00
installer nixos-version: fix syntax error and add -h (#16906) 2016-07-13 09:11:32 +02:00
misc version module: refactor with fileContents 2016-08-01 18:40:36 +09:00
profiles documentation: fix start display-manager command 2016-07-04 10:25:31 +02:00
programs tmux module: do not override keys by default in VI mode (#17330) 2016-07-28 13:10:42 +02:00
security grsecurity module: disable EFI runtime services by default 2016-08-02 10:24:49 +02:00
services dnscrypt-proxy service: update resolver list 2016-08-02 09:36:22 +02:00
system Merge pull request #17042 from rasendubi/etc 2016-07-26 09:04:10 +02:00
tasks kbd task: fix colors in early initrd 2016-07-24 15:08:49 +03:00
testing KDE test: Bump kdm start timeout 2016-05-27 11:22:27 +02:00
virtualisation declarative containers: additional veths 2016-07-28 23:06:41 +02:00
module-list.nix Revert "phpfpm service: restructured pool configuration" 2016-07-27 23:53:58 +02:00
rename.nix nixos: rewrite the grsecurity module 2016-06-14 03:38:12 +02:00