ada3239253
First of all, the reason I added this to the "highlights" section is that we want users to be aware of these options, because in the end we really want to decrease the attack surface of NixOS services and this is a step towards improving that situation. The reason why I'm adding this to the changelog of the NixOS 19.03 release instead of 19.09 is that it makes backporting services that use these options easier. Doing the backport of the confinement module after the official release would mean that it's not part of the release announcement and potentially could fall under the radar of most users. These options and the whole module also do not change anything in existing services or affect other modules, so they're purely optional. Adding this "last minute" to the 19.03 release doesn't hurt and is probably a good preparation for the next months where we hopefully confine as much services as we can :-) I also have asked @samueldr and @lheckemann, whether they're okay with the inclusion in 19.03. While so far only @samueldr has accepted the change, we can still move the changelog entry to the NixOS 19.09 release notes in case @lheckemann rejects it. Signed-off-by: aszlig <aszlig@nix.build> |
||
|---|---|---|
| .. | ||
| doc | ||
| lib | ||
| maintainers | ||
| modules | ||
| tests | ||
| COPYING | ||
| default.nix | ||
| README | ||
| release-combined.nix | ||
| release-small.nix | ||
| release.nix | ||
*** NixOS *** NixOS is a Linux distribution based on the purely functional package management system Nix. More information can be found at http://nixos.org/nixos and in the manual in doc/manual.