Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: 348fac7b529e
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 5bea2997fe9b
Choose a head ref
  • 1 commit
  • 1 file changed
  • 2 contributors

Commits on Oct 12, 2019

  1. nixos/hardened: blacklist old filesystems (#70482) 

    The rationale for this is that old filesystems have recieved little scrutiny
wrt. security relevant bugs.

Lifted from OpenSUSE[1].

[1]: openSUSE/suse-module-tools@8cb42fb

Co-Authored-By: Renaud <c0bw3b@users.noreply.github.com>
    @joachifm @c0bw3b
    joachifm and c0bw3b authored Oct 12, 2019

    Verified

    This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
    GPG key ID: 4AEE18F83AFDEB23
    Expired
    Verified
    Learn about vigilant mode
    Copy the full SHA
    5bea299 View commit details
Showing with 21 additions and 0 deletions.
  1. +21 −0 nixos/modules/profiles/hardened.nix
21 changes: 21 additions & 0 deletions nixos/modules/profiles/hardened.nix
View file
Original file line number Diff line number Diff line change
@@ -52,6 +52,27 @@ with lib;
"ax25"
"netrom"
"rose"

# Old or rare or insufficiently audited filesystems
"adfs"
"affs"
"bfs"
"befs"
"cramfs"
"efs"
"erofs"
"exofs"
"freevxfs"
"f2fs"
"hfs"
"hpfs"
"jfs"
"minix"
"nilfs2"
"qnx4"
"qnx6"
"sysv"
"ufs"
];

# Restrict ptrace() usage to processes with a pre-defined relationship