lix-project/lix
20
58
Fork 31
Code Issues 359 Code Review (Gerrit) Projects 3 Releases Wiki Activity
lix/tests/nixos
History
alois31 e7188e211a
libstore/build: block io_uring 
Unfortunately, io_uring is totally opaque to seccomp, and while currently there
are no dangerous operations implemented, there is no guarantee that it remains
this way. This means that io_uring should be blocked entirely to ensure that
the sandbox is future-proof. This has not been observed to cause issues in
practice.

Change-Id: I45d3895f95abe1bc103a63969f444c334dbbf50d
2024-07-25 18:24:45 +02:00
..
ca-fd-leak
containers
coredumps Allow enabling core dumps from builds for nix & child processes 2024-05-16 17:11:21 -07:00
fetch-git
io_uring libstore/build: block io_uring 2024-07-25 18:24:45 +02:00
no-new-privileges libstore/build: always enable seccomp filtering and no-new-privileges 2024-05-24 21:19:29 +00:00
setuid libstore/build: use an allowlist approach to syscall filtering 2024-07-25 18:24:40 +02:00
authorization.nix
broken-userns.nix Fix /etc/group having desynced IDs from the actual UID in the sandbox 2024-05-04 17:36:50 -07:00
default.nix libstore/build: block io_uring 2024-07-25 18:24:45 +02:00
github-flakes.nix Deprecate the online flake registries and vendor the default registry 2024-05-18 12:27:23 +10:00
nix-copy-closure.nix
nix-copy.nix tests/nixos/nix-copy: fix NixOS >= 24.05 compatibility 2024-06-08 17:59:08 +02:00
nix-upgrade-nix.nix nix3-upgrade-nix: always use the /new/ nix-env to perform the installation 2024-07-15 15:26:53 -06:00
nss-preload.nix
remote-builds-ssh-ng.nix
remote-builds.nix
sourcehut-flakes.nix
symlink-resolvconf.nix
tarball-flakes.nix Revert "libfetchers: make attribute / URL query handling consistent" 2024-06-24 22:49:17 +00:00
util.nix Allow enabling core dumps from builds for nix & child processes 2024-05-16 17:11:21 -07:00