diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-06-09 20:29:11 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-06-14 03:38:17 +0200 |
commit | a53452f3e12f4feb76a5169149d93c3bd5359363 (patch) | |
tree | 0f6398e489f81a499e64b873cb38418f43e4a4f9 /nixos/modules/misc/ids.nix | |
parent | 0677cc61c8fae0b699a9be837c897b8d7b6d837c (diff) | |
download | nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.gz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.bz2 nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.lz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.xz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.zst nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.zip |
nixos: remove the grsecurity GID
This GID was used to exempt users from Grsecurity's `/proc` restrictions; we now prefer to rely on `security.hideProcessInformation`, which uses the `proc` group for this purpose. That leaves no use for the grsecurity GID. More generally, having only a single GID to, presumably, serve as the default for all of grsecurity's GID based exemption/resriction schemes would be problematic in any event, so if we decide to enable those grsecurity features in the future, more specific GIDs should be added.
Diffstat (limited to 'nixos/modules/misc/ids.nix')
-rw-r--r-- | nixos/modules/misc/ids.nix | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/nixos/modules/misc/ids.nix b/nixos/modules/misc/ids.nix index d421167c859c..61c49f07abbb 100644 --- a/nixos/modules/misc/ids.nix +++ b/nixos/modules/misc/ids.nix @@ -147,7 +147,6 @@ foundationdb = 118; newrelic = 119; starbound = 120; - #grsecurity = 121; # unused hydra = 122; spiped = 123; teamspeak = 124; @@ -396,7 +395,6 @@ foundationdb = 118; newrelic = 119; starbound = 120; - grsecurity = 121; hydra = 122; spiped = 123; teamspeak = 124; |