path: root/nixos/modules/profiles/hardened.nix
| Age | Commit message | Author | Files | Lines |
|---|---|---|---|---|
| 2020-04-17 | nixos/hardened: add emily to maintainers | Emily | 1 | -1/+1 |
| 2020-04-17 | nixos/hardened: enable user namespaces for root | Emily | 1 | -2/+0 |
| 2020-04-17 | nixos/hardened: don't set vm.unprivileged_userfaultfd | Emily | 1 | -3/+0 |
| 2020-04-17 | nixos/hardened: don't set vm.mmap_min_addr | Emily | 1 | -10/+0 |
| 2020-04-17 | nixos/hardened: don't set vm.mmap_rnd{,_compat}_bits | Emily | 1 | -6/+0 |
| 2020-04-17 | nixos/hardened: don't set net.core.bpf_jit_harden | Emily | 1 | -3/+0 |
| 2020-04-17 | nixos/hardened: don't set kernel.unprivileged_bpf_disabled | Emily | 1 | -4/+0 |
| 2020-04-17 | nixos/hardened: don't set kernel.dmesg_restrict | Emily | 1 | -3/+0 |
| 2020-04-17 | nixos/hardened: don't set vsyscall=none | Emily | 1 | -3/+0 |
| 2020-04-17 | nixos/hardened: don't set slab_nomerge | Emily | 1 | -3/+0 |
| 2020-04-05 | Revert "nixos/hardened: build sandbox incompatible with namespaces" | Florian Klink | 1 | -2/+0 |
| 2019-11-26 | nixos/hardened: scudo default allocator. zero by default allow override. | Kyle Copperfield | 1 | -0/+3 |
| 2019-11-19 | nixos/hardened: build sandbox incompatible with namespaces | Kyle Copperfield | 1 | -0/+2 |
| 2019-10-12 | nixos/hardened: blacklist old filesystems (#70482) | Joachim F | 1 | -0/+21 |
| 2019-08-19 | Merge pull request #66687 from joachifm/feat/hardened-nixos-revert-graphene-m... | Marek Mahut | 1 | -2/+0 |
| 2019-08-18 | nixos/systemd: install sysctl snippets | Florian Klink | 1 | -11/+5 |
| 2019-08-15 | Revert "nixos/hardened: use graphene-hardened malloc by default" | Joachim Fasting | 1 | -2/+0 |
| 2019-08-15 | nixos-hardened: disable unprivileged userfaultfd syscalls | Joachim Fasting | 1 | -0/+3 |
| 2019-08-15 | nixos-hardened: enable page alloc randomization | Joachim Fasting | 1 | -0/+3 |
| 2019-07-30 | nixos/hardened: make pti=on overridable | Pierre Bourdon | 1 | -3/+2 |
| 2019-07-19 | Renaming security.virtualization.flushL1DataCache to virtualisation | Marek Mahut | 1 | -1/+1 |
| 2019-07-04 | nixos/hardened: harder inet defaults | Joachim Fasting | 1 | -0/+30 |
| 2019-07-04 | nixos/hardened: disable ftrace by default | Joachim Fasting | 1 | -0/+3 |
| 2019-05-07 | nixos/hardened: use graphene-hardened malloc by default | Joachim Fasting | 1 | -0/+2 |
| 2019-01-05 | nixos/hardened profile: always enable pti | Joachim Fasting | 1 | -0/+3 |
| 2019-01-05 | nixos/hardened profile: slab/slub hardening | Joachim Fasting | 1 | -0/+6 |
| 2018-12-27 | nixos/security/misc: expose SMT control option | Joachim Fasting | 1 | -0/+2 |
| 2018-12-27 | nixos/security/misc: expose l1tf mitigation option | Joachim Fasting | 1 | -0/+2 |
| 2018-12-27 | nixos/security/misc: factor out protectKernelImage | Joachim Fasting | 1 | -6/+2 |
| 2018-11-24 | nixos/hardened: restrict access to nix daemon | Joachim Fasting | 1 | -0/+2 |
| 2018-10-15 | Merge pull request #48439 from joachifm/hardened-misc | Joachim F | 1 | -12/+2 |
| 2018-10-15 | nixos/security/misc: init | Joachim Fasting | 1 | -12/+2 |
| 2018-10-15 | nixos/hardened: add myself to maintainers | Joachim Fasting | 1 | -0/+4 |
| 2018-07-20 | [bot] nixos/*: remove unused arguments in lambdas | volth | 1 | -1/+1 |
| 2017-09-09 | nixos/hardened: blacklist a few obscure net protocols | Joachim Fasting | 1 | -0/+7 |
| 2017-09-09 | nixos/hardened: set mmap_min_addr | Joachim Fasting | 1 | -0/+10 |
| 2017-08-13 | nixos/hardened profile: increase ASLR entropy | Joachim Fasting | 1 | -0/+6 |
| 2017-06-22 | nixos: replaced "userns" with "user namespaces" for clarity | André-Patrick Bubel | 1 | -1/+1 |
| 2017-04-30 | nixos/hardened profile: disable user namespaces at runtime | Joachim Fasting | 1 | -0/+12 |
| 2017-04-30 | nixos/hardened profile: disable hibernation | Joachim Fasting | 1 | -0/+3 |
| 2017-04-30 | nixos/hardened profile: use the linux_hardened kernel | Joachim Fasting | 1 | -0/+5 |
| 2017-04-30 | nixos/hardened profile: lock kernel modules | Joachim Fasting | 1 | -0/+2 |
| 2017-04-29 | nixos/hardened profile: disable legacy virtual syscalls | Joachim Fasting | 1 | -0/+5 |
| 2017-04-23 | nixos: add a "hardened" profile | Joachim Fasting | 1 | -0/+35 |