Joachim Fasting
eb59755f70
tests/hardened: fix build
...
Bug introduced by 4ead3d2ec3
For ZHF https://github.com/NixOS/nixpkgs/issues/68361
2019-09-18 15:38:43 +02:00
volth
08f68313a4
treewide: remove redundant rec
2019-08-28 11:07:32 +00:00
Joachim F
b4a43a278b
Merge pull request #60187 from joachifm/feat/configurable-malloc
...
nixos: configurable system-wide malloc
2019-05-12 15:18:07 +00:00
Joachim Fasting
92d41f83fd
nixos/tests/hardened: check that apparmor is properly loaded
2019-05-11 18:21:44 +02:00
Joachim Fasting
10d3a0e10b
nixos/tests/hardened: test hardened malloc
2019-05-07 13:45:42 +02:00
Joachim Fasting
39c30a33c1
nixos/tests/hardened: test loading out-of-tree-modules
2019-01-06 13:19:28 +01:00
Joachim Fasting
84fb8820db
nixos/security/misc: factor out protectKernelImage
...
Introduces the option security.protectKernelImage that is intended to control
various mitigations to protect the integrity of the running kernel
image (i.e., prevent replacing it without rebooting).
This makes sense as a dedicated module as it is otherwise somewhat difficult
to override for hardened profile users who want e.g., hibernation to work.
2018-12-27 15:00:47 +01:00
Joachim Fasting
6a7f02d89d
nixos/hardened: restrict access to nix daemon
2018-11-24 16:06:21 +01:00
Joachim Fasting
62623b60d5
nixos/tests/hardened: fix build by disabling nix.useSandbox
2018-11-24 16:06:18 +01:00
volth
2e979e8ceb
[bot] nixos/*: remove unused arguments in lambdas
2018-07-20 20:56:59 +00:00
xeji
301072dc27
nixos/tests/hardened: fix test ( #40745 )
...
failed because `pgrep -u` segfaults when accesss to proc info
is denied on a hardened system.
2018-05-19 08:42:15 +02:00
Joachim Fasting
bccaf63067
nixos/hardened test: add failing test-case for deferred mounts
2017-09-22 23:53:27 +02:00
Joachim Fasting
586d04c588
nixos/tests: expand hardened tests
2017-09-16 13:14:07 +02:00
Joachim Fasting
a1678269f9
nixos/hardened profile: disable user namespaces at runtime
2017-04-30 15:17:27 +02:00
Joachim Fasting
ffa83edf4a
nixos/tests: add tests for exercising various hardening features
...
This test exercises the linux_hardened kernel along with the various
hardening features (enabled via the hardened profile).
Move hidepid test from misc, so that misc can go back to testing a vanilla
configuration.
2017-04-30 12:05:42 +02:00