alois31
f047e4357b
Seccomp filtering and the no-new-privileges functionality improve the security
of the sandbox, and have been enabled by default for a long time. In
#265 it was decided that they
should be enabled unconditionally. Accordingly, remove the allow-new-privileges
(which had weird behavior anyway) and filter-syscall settings, and force the
security features on. Syscall filtering can still be enabled at build time to
support building on architectures libseccomp doesn't support.
Change-Id:
|
||
---|---|---|
.. | ||
ca-fd-leak | ||
containers | ||
coredumps | ||
fetch-git | ||
no-new-privileges | ||
setuid | ||
authorization.nix | ||
broken-userns.nix | ||
default.nix | ||
github-flakes.nix | ||
nix-copy-closure.nix | ||
nix-copy.nix | ||
nix-upgrade-nix.nix | ||
nss-preload.nix | ||
remote-builds-ssh-ng.nix | ||
remote-builds.nix | ||
sourcehut-flakes.nix | ||
symlink-resolvconf.nix | ||
tarball-flakes.nix | ||
util.nix |