cef2814a4f
This module adds an option `security.hideProcessInformation` that, when enabled, restricts access to process information such as command-line arguments to the process owner. The module adds a static group "proc" whose members are exempt from process information hiding. Ideally, this feature would be implemented by simply adding the appropriate mount options to `fileSystems."/proc".fsOptions`, but this was found to not work in vmtests. To ensure that process information hiding is enforced, we use a systemd service unit that remounts `/proc` after `systemd-remount-fs.service` has completed. To verify the correctness of the feature, simple tests were added to nixos/tests/misc: the test ensures that unprivileged users cannot see process information owned by another user, while members of "proc" CAN. Thanks to @abbradar for feedback and suggestions. |
||
---|---|---|
.. | ||
acme.nix | ||
acme.xml | ||
apparmor-suid.nix | ||
apparmor.nix | ||
audit.nix | ||
ca.nix | ||
duosec.nix | ||
grsecurity.nix | ||
hidepid.nix | ||
oath.nix | ||
pam_mount.nix | ||
pam_usb.nix | ||
pam.nix | ||
polkit.nix | ||
prey.nix | ||
rngd.nix | ||
rtkit.nix | ||
setuid-wrapper.c | ||
setuid-wrappers.nix | ||
sudo.nix |