nixpkgs/nixos/modules/security
Joachim Fasting 984d9ebb56
hidepid: polkit and systemd-logind compatibility
`systemd.hideProcessInformation = true`, would break interactions
requiring polkit arbitration such as initating poweroff/reboot as a
normal user; the polkit daemon cannot be expected to make decisions
about processes that don't exist as far as it is concerned.

systemd-logind lacks the `sys_ptrace` capability and so needs to be part
of the designated proc gid, even though it runs as root.

Fixes https://github.com/NixOS/nixpkgs/issues/20948
2016-12-07 01:12:05 +01:00
..
acme.nix acme: ensure nginx challenges directory is writeable 2016-11-29 15:56:01 +01:00
acme.xml acme: ensure nginx challenges directory is writeable 2016-11-29 15:56:01 +01:00
apparmor-suid.nix apparmor-suid module: fix libcap lib output reference 2016-05-07 21:48:29 +02:00
apparmor.nix nixos: add AppArmor PAM support 2015-07-15 12:40:06 +02:00
audit.nix audit module: only enable service if kernel has audit (#19569) 2016-10-15 16:03:41 +02:00
ca.nix cacerts: refactor, add blacklist option 2016-10-09 02:00:18 +02:00
chromium-suid-sandbox.nix chromium-suid-sandbox module: fix description 2016-08-08 10:17:31 +03:00
duosec.nix duosec module: use enum 2016-11-16 22:36:05 +09:00
grsecurity.nix grsecurity: enable optional sysfs restrictions 2016-12-06 01:23:36 +01:00
grsecurity.xml grsecurity: enable module hardening 2016-12-06 01:23:58 +01:00
hidepid.nix hidepid: polkit and systemd-logind compatibility 2016-12-07 01:12:05 +01:00
hidepid.xml hidepid module: detailed description to external doc 2016-09-15 15:36:03 +02:00
oath.nix config.security.oath: new module 2016-02-25 13:52:45 +00:00
pam_mount.nix pam_mount module: integrate pam_mount into PAM of NixOS 2015-07-04 23:42:31 +02:00
pam_usb.nix Rewrite ‘with pkgs.lib’ -> ‘with lib’ 2014-04-14 16:26:48 +02:00
pam.nix Revert "nixos/pam: clean up generated files (no functional change) (#18580)" 2016-09-17 16:39:49 -05:00
polkit.nix nixos systemPackages: rework default outputs 2016-01-28 11:24:18 +01:00
prey.nix nixos: fix some types 2015-09-18 18:48:50 +00:00
rngd.nix rngd: update modalias to match cpu type 2016-09-17 18:36:57 -07:00
rtkit.nix rtkit: Update from 0.10 to 0.11 2014-04-21 23:22:10 +02:00
setuid-wrapper.c setuid-wrapper: Fix broken string comparison 2014-04-19 10:58:30 +02:00
setuid-wrappers.nix setuid-wrappers: correctly umount the tmpfs 2016-09-04 17:56:00 +02:00
sudo.nix sudo: Allow root to use sudo to switch groups 2016-09-13 23:15:56 +10:00