904f68fb0f
The security.wrappers option is morally a set of submodules but it's actually (un)typed as a generic attribute set. This is bad for several reasons: 1. Some of the "submodule" option are not document; 2. the default values are not documented and are chosen based on somewhat bizarre rules (issue #23217); 3. It's not possible to override an existing wrapper due to the dumb types.attrs.merge strategy; 4. It's easy to make mistakes that will go unnoticed, which is really bad given the sensitivity of this module (issue #47839). This makes the option a proper set of submodule and add strict types and descriptions to every sub-option. Considering it's not yet clear if the way the default values are picked is intended, this reproduces the current behavior, but it's now documented explicitly. |
||
---|---|---|
.. | ||
apparmor | ||
wrappers | ||
acme.nix | ||
acme.xml | ||
apparmor.nix | ||
audit.nix | ||
auditd.nix | ||
ca.nix | ||
chromium-suid-sandbox.nix | ||
dhparams.nix | ||
doas.nix | ||
duosec.nix | ||
google_oslogin.nix | ||
lock-kernel-modules.nix | ||
misc.nix | ||
oath.nix | ||
pam_mount.nix | ||
pam_usb.nix | ||
pam.nix | ||
polkit.nix | ||
rngd.nix | ||
rtkit.nix | ||
sudo.nix | ||
systemd-confinement.nix | ||
tpm2.nix |