From 614ea404433a8fd743171a020436b0a586ed4e8d Mon Sep 17 00:00:00 2001 From: David Izquierdo Date: Thu, 25 Oct 2018 10:20:34 +0200 Subject: [PATCH] Docs: init section Hardened in chapter Profiles --- nixos/doc/manual/configuration/profiles.xml | 1 + .../configuration/profiles/hardened.xml | 22 +++++++++++++++++++ 2 files changed, 23 insertions(+) create mode 100644 nixos/doc/manual/configuration/profiles/hardened.xml diff --git a/nixos/doc/manual/configuration/profiles.xml b/nixos/doc/manual/configuration/profiles.xml index 2f306f584de..db73445ef02 100644 --- a/nixos/doc/manual/configuration/profiles.xml +++ b/nixos/doc/manual/configuration/profiles.xml @@ -31,4 +31,5 @@ + diff --git a/nixos/doc/manual/configuration/profiles/hardened.xml b/nixos/doc/manual/configuration/profiles/hardened.xml new file mode 100644 index 00000000000..3f4b9242461 --- /dev/null +++ b/nixos/doc/manual/configuration/profiles/hardened.xml @@ -0,0 +1,22 @@ + +
+ Hardened + + A profile with most (vanilla) hardening options enabled by default, + potentially at the cost of features and performance. + + + This includes a hardened kernel, and limiting the system information + available to procesess via de /sys and + /proc filesystems. It also disables the User Namespaces + feature of the kernel, which stops Nix from being able to build anything + (this particular setting can be overriden via + ). See the + profile source for further detail on which settings are altered. + +
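Review bot: The second paragraph of the new hardened.xml has three spelling errors in the added text: "procesess" should be "processes", "via de" should be "via the", and "overriden" should be "overridden". Separately, the fact that disabling User Namespaces "stops Nix from being able to build anything" is the consequence most likely to surprise someone who enables this profile, yet it sits mid-sentence with the override in a parenthetical. Consider giving it its own sentence so the override is seen before the first failed build. In the first paragraph, "most (vanilla) hardening options" does not say what "vanilla" is contrasted with; either define it or drop the parenthetical and rely on the pointer to the profile source.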