public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/hardened: blacklist old filesystems (#70482)

Browse Source 
The rationale for this is that old filesystems have recieved little scrutiny
wrt. security relevant bugs.

Lifted from OpenSUSE[1].

[1]: 8cb42fb665

Co-Authored-By: Renaud <c0bw3b@users.noreply.github.com>
This commit is contained in:
Joachim F 2019-10-12 10:08:44 +00:00 committed by GitHub
parent 348fac7b52
commit 5bea2997fe
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 21 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
nixos/modules/profiles/hardened.nix
View File

@ -52,6 +52,27 @@ with lib;
"ax25" "ax25"
"netrom" "netrom"
"rose" "rose"
# Old or rare or insufficiently audited filesystems
"adfs"
"affs"
"bfs"
"befs"
"cramfs"
"efs"
"erofs"
"exofs"
"freevxfs"
"f2fs"
"hfs"
"hpfs"
"jfs"
"minix"
"nilfs2"
"qnx4"
"qnx6"
"sysv"
"ufs"
]; ];
# Restrict ptrace() usage to processes with a pre-defined relationship # Restrict ptrace() usage to processes with a pre-defined relationship