lunaphied/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity
lix/tests/nixos
History
alois31 f047e4357b libstore/build: always enable seccomp filtering and no-new-privileges 
Seccomp filtering and the no-new-privileges functionality improve the security
of the sandbox, and have been enabled by default for a long time. In
lix-project/lix#265 it was decided that they
should be enabled unconditionally. Accordingly, remove the allow-new-privileges
(which had weird behavior anyway) and filter-syscall settings, and force the
security features on. Syscall filtering can still be enabled at build time to
support building on architectures libseccomp doesn't support.

Change-Id: Iedbfa18d720ae557dee07a24f69b2520f30119cb
2024-05-24 21:19:29 +00:00
..
ca-fd-leak Copy the output of fixed-output derivations before registering them 2024-03-07 01:44:58 +00:00
containers Re-enable systemd-nspawn test 2023-09-20 17:03:47 +00:00
coredumps Allow enabling core dumps from builds for nix & child processes 2024-05-16 17:11:21 -07:00
fetch-git Add pre-commit checks 2024-03-29 22:57:40 -07:00
no-new-privileges libstore/build: always enable seccomp filtering and no-new-privileges 2024-05-24 21:19:29 +00:00
setuid libstore/local-derivation-goal: prohibit creating setuid/setgid binaries 2024-05-03 16:29:06 +02:00
authorization.nix Allow to sign path as unprivileged user 2023-06-27 18:31:31 +02:00
broken-userns.nix Fix /etc/group having desynced IDs from the actual UID in the sandbox 2024-05-04 17:36:50 -07:00
default.nix libstore/build: always enable seccomp filtering and no-new-privileges 2024-05-24 21:19:29 +00:00
github-flakes.nix Deprecate the online flake registries and vendor the default registry 2024-05-18 12:27:23 +10:00
nix-copy-closure.nix make the multi-node vm tests a bit more reliable 2024-03-10 10:10:52 +01:00
nix-copy.nix make the multi-node vm tests a bit more reliable 2024-03-10 10:10:52 +01:00
nix-upgrade-nix.nix add VM test for nix upgrade-nix 2024-04-29 01:19:21 +00:00
nss-preload.nix Merge pull request #9631 from cole-h/fixup-check-warnings 2024-03-07 09:58:15 +01:00
remote-builds-ssh-ng.nix ssh-ng: Set log-fd for ssh to 4 by default 2024-04-26 19:04:06 +02:00
remote-builds.nix make the multi-node vm tests a bit more reliable 2024-03-10 10:10:52 +01:00
sourcehut-flakes.nix tests: unhaunt the flakes nixos tests 2024-04-18 20:09:19 +00:00
symlink-resolvconf.nix libstore/build: set NO_NEW_PRIVS for the sandbox 2024-04-15 10:25:29 +03:00
tarball-flakes.nix tests: add error messages to the asserts in tarball flakes test 2024-04-22 16:13:36 -06:00
util.nix Allow enabling core dumps from builds for nix & child processes 2024-05-16 17:11:21 -07:00