New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improvements to the NixOS Hardened Profile #73763

Merged

joachifm merged 2 commits into NixOS:master from kmcopper:hardening-profile

Apr 3, 2020

Commits on Nov 19, 2019

nixos/hardened: build sandbox incompatible with namespaces

Disables the build sandbox by default to avoid incompatibility with
defaulting user namespaces to false. Ideally there would be some kind of
linux kernel feature that allows us to trust nix-daemon builders to
allow both nix sandbox builds and disabling untrusted naemspaces at the
same time.

Kyle Copperfield committed Nov 19, 2019

Commits on Nov 26, 2019

nixos/hardened: scudo default allocator. zero by default allow override.

Kyle Copperfield committed Nov 26, 2019
Configuration menu
View commit details

Copy full SHA for 759968a

Browse repository at this point
Copy the full SHA

759968a View commit details

Browse the repository at this point in the history