nixpkgs/nixos/modules/security
Andreas Rammhold 9630d5c07f
nixos/security/wrapper: ensure the tmpfs is not world writeable
The /run/wrapper directory is a tmpfs. Unfortunately, it's mounted with
its root directory has the standard (for tmpfs) mode: 1777 (world writeable,
sticky -- the standard mode of shared temporary directories). This means that
every user can create new files and subdirectories there, but can't
move/delete/rename files that belong to other users.
2020-09-28 22:55:20 +02:00
..
apparmor apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
wrappers nixos/security/wrapper: ensure the tmpfs is not world writeable 2020-09-28 22:55:20 +02:00
acme.nix nixos/acme: More features and fixes 2020-09-06 01:28:19 +01:00
acme.xml nixos/acme: Update docs, use assert more effectively 2020-09-05 01:06:29 +01:00
apparmor.nix apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
audit.nix nixos: Move uses of stdenv.shell to runtimeShell. 2018-03-01 14:38:53 -05:00
auditd.nix auditd service: make more useful 2019-06-10 18:55:11 +03:00
ca.nix nixos: add preferLocalBuild=true; on derivations for config files 2019-02-22 20:11:27 +01:00
chromium-suid-sandbox.nix nixos/treewide: Move rename.nix imports to their respective modules 2019-12-10 02:51:19 +01:00
dhparams.nix dhparams module: add self as maintainer 2018-10-31 01:05:35 +09:00
doas.nix nixos/doas: default rule should be first 2020-05-10 22:14:16 -07:00
duosec.nix treewide: fix modules options types where the default is null 2020-04-28 19:13:59 +02:00
google_oslogin.nix nixos/google-oslogin: add to system.nssDatabases.group too 2020-05-11 16:14:50 +02:00
hidepid.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
hidepid.xml Revert "nixos/doc: re-format" 2019-09-19 19:17:30 +02:00
lock-kernel-modules.nix nixos/lock-kernel-modules: add myself to maintainers 2018-10-15 01:33:30 +02:00
misc.nix nixos/security/misc: add option unprivilegedUsernsClone 2020-08-25 14:18:24 +03:00
oath.nix [bot] nixos/*: remove unused arguments in lambdas 2018-07-20 20:56:59 +00:00
pam_mount.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
pam_usb.nix [bot] treewide: remove unused 'inherit' in let blocks 2018-07-20 19:38:19 +00:00
pam.nix Merge pull request #93457 from ju1m/apparmor 2020-09-27 13:07:38 +00:00
polkit.nix nixos/polkit: remove root from adminIdentities 2019-12-09 19:11:09 -05:00
rngd.nix nixos/modules/security/rngd: Disable by default 2020-09-09 21:51:25 -04:00
rtkit.nix treewide: use attrs instead of list for types.loaOf options 2020-01-06 10:39:18 -05:00
sudo.nix nixos/sudo: default rule should be first 2020-06-17 17:48:51 -07:00
systemd-confinement.nix systemd-confinement: handle ExecStarts etc being lists 2020-09-06 18:55:10 +02:00
tpm2.nix nixos: remove StandardOutput=syslog, StandardError=syslog lines 2020-08-13 18:49:15 +02:00