nixpkgs/nixos/tests
Joachim Fasting cef2814a4f nixos: add optional process information hiding
This module adds an option `security.hideProcessInformation` that, when
enabled, restricts access to process information such as command-line
arguments to the process owner.  The module adds a static group "proc"
whose members are exempt from process information hiding.

Ideally, this feature would be implemented by simply adding the
appropriate mount options to `fileSystems."/proc".fsOptions`, but this
was found to not work in vmtests. To ensure that process information
hiding is enforced, we use a systemd service unit that remounts `/proc`
after `systemd-remount-fs.service` has completed.

To verify the correctness of the feature, simple tests were added to
nixos/tests/misc: the test ensures that unprivileged users cannot see
process information owned by another user, while members of "proc" CAN.

Thanks to @abbradar for feedback and suggestions.
2016-04-10 12:27:06 +02:00
common
avahi.nix avahi: fix test 2016-02-28 16:18:39 +01:00
bittorrent.nix
blivet.nix
boot.nix nixos/tests: Remove tests.boot.boot* prefixes 2016-03-01 19:02:36 +01:00
cadvisor.nix
chromium.nix nixos/tests/chromium: Propagate "system" to pkgs 2016-03-21 03:50:38 +01:00
cjdns.nix Rename 'emery' maintainer handle to 'ehmry', fixes #11493 2015-12-05 23:06:20 +01:00
containers.nix
dnscrypt-proxy.nix dnscrypt-proxy vmtest: more specific waitForUnit 2016-03-24 17:14:22 +01:00
docker-registry.nix
docker.nix nixos/tests: fix docker test 2016-03-19 03:18:17 +01:00
ec2.nix Fix the boot-ec2-config test 2016-03-30 22:22:40 +02:00
etcd.nix
firefox.nix
firewall.nix nixos/tests/firewall.nix: ping now succeeds in the firewall's default configuration 2016-03-18 11:44:07 +01:00
fleet.nix
gitlab.nix
gnome3-gdm.nix nixos tests: add gdm test 2015-09-15 14:25:36 +02:00
gnome3.nix gnome3 test: increase timeout 2015-10-05 22:10:40 -06:00
grsecurity.nix grsecurity: add NixOS VM test 2016-01-24 04:06:19 +00:00
haka.nix haka: very basic testing 2016-01-23 01:20:14 +01:00
i3wm.nix
influxdb.nix
initrd-network.nix boot.initrd.network: Support DHCP 2016-02-02 19:59:27 +01:00
installer.nix nixos.tests.installer.swraid: mdadm verbosity 2016-03-28 14:00:00 -05:00
ipv6.nix
jenkins.nix
kde4.nix
kexec.nix
keymap.nix nixos/tests: Add a test for keyboard layouts 2016-03-31 09:49:08 +02:00
kubernetes.nix
lightdm.nix
login.nix
logstash.nix logstash service: fix tests 2015-09-06 15:20:56 +02:00
make-test.nix Add filesystem option to automatically grow to the maximum size 2015-09-24 19:59:44 +02:00
mathics.nix nixos/mathics: New service and test 2016-01-02 14:34:55 -08:00
mesos.nix
misc.nix nixos: add optional process information hiding 2016-04-10 12:27:06 +02:00
mpich-example.c
mpich.nix
mumble.nix
munin.nix
mysql-replication.nix
mysql.nix
nat.nix
networking-proxy.nix
networking.nix nixos/tests/networking: Expose subtests via attrs 2016-03-01 01:04:42 +01:00
nfs.nix filesystems: use list of strings for fs options 2016-02-06 19:48:30 +00:00
nsd.nix
openssh.nix
panamax.nix
partition.nix btrfsProgs -> canonical btrfs-progs 2016-01-03 20:38:44 +01:00
peerflix.nix
phabricator.nix
postgresql.nix nixos: add test for postgresql, fixes #11146 2016-01-20 03:42:59 +01:00
printing.nix nixos.tests.printing: fix for new CUPS version 2016-02-22 12:42:06 +03:00
proxy.nix
pump.io.nix nixos tests: pump.io: init 2015-12-06 13:35:21 +00:00
quake3.nix nixos/tests/quake3: Don't quote +set arguments 2016-01-16 01:13:36 +01:00
rabbitmq.nix
riak.nix remove elrangR15 and riak 1.3.0 as they're outdated 2016-03-22 21:40:07 +00:00
run-in-machine.nix
sddm-kde5.nix nixos/tests: test SDDM with KDE 5 enabled 2015-12-11 07:09:08 -06:00
sddm.nix add nixos/tests/sddm 2015-11-23 06:39:19 -06:00
simple.nix nixos/tests/simple.nix: Include minimal.nix 2016-02-12 14:35:41 +01:00
slurm.nix slurm service: add tests 2015-12-25 15:55:07 +01:00
subversion.nix
test-config-examples.sh
testdb.sql
tomcat.nix
trac.nix
udisks2.nix
virtualbox.nix nixos/tests/virtualbox: Split up subtests 2016-02-29 20:15:31 +01:00
xfce.nix