path: root/nixos/modules/profiles/hardened.nix
| Age | Commit message | Author |
|---|---|---|
| 2022-01-26 | nixos/nix-daemon: use structural settings | polykernel |
| 2021-04-23 | nixos/apparmor: disable killUnconfinedConfinables by default | Julien Moutinho |
| 2021-02-21 | nixos/hidepid: drop the module as the hidepid mount option is broken | Dominik Xaver Hörl |
| 2021-01-04 | profiles/hardened: Add note about potential instability | talyz |
| 2020-09-27 | nixos/hardened: update blacklisted filesystems | TredwellGit |
| 2020-08-25 | nixos/security/misc: add option unprivilegedUsernsClone | Izorkin |
| 2020-04-17 | nixos/hardened: add emily to maintainers | Emily |
| 2020-04-17 | nixos/hardened: enable user namespaces for root | Emily |
| 2020-04-17 | nixos/hardened: don't set vm.unprivileged_userfaultfd | Emily |
| 2020-04-17 | nixos/hardened: don't set vm.mmap_min_addr | Emily |
| 2020-04-17 | nixos/hardened: don't set vm.mmap_rnd{,_compat}_bits | Emily |
| 2020-04-17 | nixos/hardened: don't set net.core.bpf_jit_harden | Emily |
| 2020-04-17 | nixos/hardened: don't set kernel.unprivileged_bpf_disabled | Emily |
| 2020-04-17 | nixos/hardened: don't set kernel.dmesg_restrict | Emily |
| 2020-04-17 | nixos/hardened: don't set vsyscall=none | Emily |
| 2020-04-17 | nixos/hardened: don't set slab_nomerge | Emily |
| 2020-04-05 | Revert "nixos/hardened: build sandbox incompatible with namespaces" | Florian Klink |
| 2019-11-26 | nixos/hardened: scudo default allocator. zero by default allow override. | Kyle Copperfield |
| 2019-11-19 | nixos/hardened: build sandbox incompatible with namespaces | Kyle Copperfield |
| 2019-10-12 | nixos/hardened: blacklist old filesystems (#70482) | Joachim F |
| 2019-08-19 | Merge pull request #66687 from joachifm/feat/hardened-nixos-revert-graphene-m... | Marek Mahut |
| 2019-08-18 | nixos/systemd: install sysctl snippets | Florian Klink |
| 2019-08-15 | Revert "nixos/hardened: use graphene-hardened malloc by default" | Joachim Fasting |
| 2019-08-15 | nixos-hardened: disable unprivileged userfaultfd syscalls | Joachim Fasting |
| 2019-08-15 | nixos-hardened: enable page alloc randomization | Joachim Fasting |
| 2019-07-30 | nixos/hardened: make pti=on overridable | Pierre Bourdon |
| 2019-07-19 | Renaming security.virtualization.flushL1DataCache to virtualisation | Marek Mahut |
| 2019-07-04 | nixos/hardened: harder inet defaults | Joachim Fasting |
| 2019-07-04 | nixos/hardened: disable ftrace by default | Joachim Fasting |
| 2019-05-07 | nixos/hardened: use graphene-hardened malloc by default | Joachim Fasting |
| 2019-01-05 | nixos/hardened profile: always enable pti | Joachim Fasting |
| 2019-01-05 | nixos/hardened profile: slab/slub hardening | Joachim Fasting |
| 2018-12-27 | nixos/security/misc: expose SMT control option | Joachim Fasting |
| 2018-12-27 | nixos/security/misc: expose l1tf mitigation option | Joachim Fasting |
| 2018-12-27 | nixos/security/misc: factor out protectKernelImage | Joachim Fasting |
| 2018-11-24 | nixos/hardened: restrict access to nix daemon | Joachim Fasting |
| 2018-10-15 | Merge pull request #48439 from joachifm/hardened-misc | Joachim F |
| 2018-10-15 | nixos/security/misc: init | Joachim Fasting |
| 2018-10-15 | nixos/hardened: add myself to maintainers | Joachim Fasting |
| 2018-07-20 | [bot] nixos/*: remove unused arguments in lambdas | volth |
| 2017-09-09 | nixos/hardened: blacklist a few obscure net protocols | Joachim Fasting |
| 2017-09-09 | nixos/hardened: set mmap_min_addr | Joachim Fasting |
| 2017-08-13 | nixos/hardened profile: increase ASLR entropy | Joachim Fasting |
| 2017-06-22 | nixos: replaced "userns" with "user namespaces" for clarity | André-Patrick Bubel |
| 2017-04-30 | nixos/hardened profile: disable user namespaces at runtime | Joachim Fasting |
| 2017-04-30 | nixos/hardened profile: disable hibernation | Joachim Fasting |
| 2017-04-30 | nixos/hardened profile: use the linux_hardened kernel | Joachim Fasting |
| 2017-04-30 | nixos/hardened profile: lock kernel modules | Joachim Fasting |
| 2017-04-29 | nixos/hardened profile: disable legacy virtual syscalls | Joachim Fasting |
| 2017-04-23 | nixos: add a "hardened" profile | Joachim Fasting |