nixpkgs-suyu/nixos/modules/security
Andreas Rammhold 9630d5c07f
nixos/security/wrapper: ensure the tmpfs is not world writeable
The /run/wrapper directory is a tmpfs. Unfortunately, it's mounted with
its root directory has the standard (for tmpfs) mode: 1777 (world writeable,
sticky -- the standard mode of shared temporary directories). This means that
every user can create new files and subdirectories there, but can't
move/delete/rename files that belong to other users.
2020-09-28 22:55:20 +02:00
..
apparmor apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
wrappers nixos/security/wrapper: ensure the tmpfs is not world writeable 2020-09-28 22:55:20 +02:00
acme.nix nixos/acme: More features and fixes 2020-09-06 01:28:19 +01:00
acme.xml nixos/acme: Update docs, use assert more effectively 2020-09-05 01:06:29 +01:00
apparmor.nix apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
audit.nix
auditd.nix
ca.nix
chromium-suid-sandbox.nix
dhparams.nix
doas.nix nixos/doas: default rule should be first 2020-05-10 22:14:16 -07:00
duosec.nix treewide: fix modules options types where the default is null 2020-04-28 19:13:59 +02:00
google_oslogin.nix nixos/google-oslogin: add to system.nssDatabases.group too 2020-05-11 16:14:50 +02:00
hidepid.nix
hidepid.xml
lock-kernel-modules.nix
misc.nix nixos/security/misc: add option unprivilegedUsernsClone 2020-08-25 14:18:24 +03:00
oath.nix
pam.nix Merge pull request #93457 from ju1m/apparmor 2020-09-27 13:07:38 +00:00
pam_mount.nix
pam_usb.nix
polkit.nix
rngd.nix nixos/modules/security/rngd: Disable by default 2020-09-09 21:51:25 -04:00
rtkit.nix
sudo.nix nixos/sudo: default rule should be first 2020-06-17 17:48:51 -07:00
systemd-confinement.nix systemd-confinement: handle ExecStarts etc being lists 2020-09-06 18:55:10 +02:00
tpm2.nix nixos: remove StandardOutput=syslog, StandardError=syslog lines 2020-08-13 18:49:15 +02:00