diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-06-09 20:29:11 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-06-14 03:38:17 +0200 |
commit | a53452f3e12f4feb76a5169149d93c3bd5359363 (patch) | |
tree | 0f6398e489f81a499e64b873cb38418f43e4a4f9 /nixos/modules/config/users-groups.nix | |
parent | 0677cc61c8fae0b699a9be837c897b8d7b6d837c (diff) | |
download | nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.gz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.bz2 nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.lz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.xz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.zst nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.zip |
nixos: remove the grsecurity GID
This GID was used to exempt users from Grsecurity's `/proc` restrictions; we now prefer to rely on `security.hideProcessInformation`, which uses the `proc` group for this purpose. That leaves no use for the grsecurity GID. More generally, having only a single GID to, presumably, serve as the default for all of grsecurity's GID based exemption/resriction schemes would be problematic in any event, so if we decide to enable those grsecurity features in the future, more specific GIDs should be added.
Diffstat (limited to 'nixos/modules/config/users-groups.nix')
-rw-r--r-- | nixos/modules/config/users-groups.nix | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index e643b2d059b5..8231907d7999 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -468,7 +468,6 @@ in { home = "/root"; shell = mkDefault cfg.defaultUserShell; group = "root"; - extraGroups = [ "grsecurity" ]; initialHashedPassword = mkDefault config.security.initialRootPassword; }; nobody = { @@ -497,7 +496,6 @@ in { nixbld.gid = ids.gids.nixbld; utmp.gid = ids.gids.utmp; adm.gid = ids.gids.adm; - grsecurity.gid = ids.gids.grsecurity; input.gid = ids.gids.input; }; |