author | Joachim F <joachifm@users.noreply.github.com> | 2019-10-12 10:08:44 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-10-12 10:08:44 +0000 |
commit | 5bea2997fe9b08f76de5ae41dc2e300598bc9556 (patch) | |
tree | f2d7b6cb9831294438b5ef7aa7631012a5ff9816 /nixos/modules/profiles | |
parent | 348fac7b529e17f20340ded5ac77ad473e568735 (diff) | |
nixos/hardened: blacklist old filesystems (#70482)
The rationale for this is that old filesystems have received little scrutiny wrt. security-relevant bugs.

Lifted from OpenSUSE[1].

[1]: https://github.com/openSUSE/suse-module-tools/pull/5/commits/8cb42fb6658f210cb8c955d584a65f7b041c0575

Co-Authored-By: Renaud <c0bw3b@users.noreply.github.com>
Diffstat (limited to 'nixos/modules/profiles')
-rw-r--r-- | nixos/modules/profiles/hardened.nix | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 626d8b1d2bde..f7b2f5c7fc1e 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -52,6 +52,27 @@ with lib; "ax25" "netrom" "rose" + + # Old or rare or insufficiently audited filesystems + "adfs" + "affs" + "bfs" + "befs" + "cramfs" + "efs" + "erofs" + "exofs" + "freevxfs" + "f2fs" + "hfs" + "hpfs" + "jfs" + "minix" + "nilfs2" + "qnx4" + "qnx6" + "sysv" + "ufs" ]; # Restrict ptrace() usage to processes with a pre-defined relationship |
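Review bot: "f2fs" and "erofs" in the new list do not fit the commit message's rationale of old filesystems that have received little scrutiny. f2fs is an actively maintained flash filesystem and erofs is a recent addition to the kernel, so only the "rare or insufficiently audited" part of the comment covers them. Consider grouping the entries by reason (old, rare, insufficiently audited) so each inclusion can be reviewed on its own terms. The comment should also say that a system whose root or data volume uses one of these filesystems, f2fs being the likely case, has to take that entry back out of the list when enabling the hardened profile. Nothing in the hunk documents that consequence.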