authorGraham Christensen <graham@grahamc.com>2018-09-29 20:51:11 -0400
committerGraham Christensen <graham@grahamc.com>2018-09-29 20:51:11 -0400
commit8413f22bb39bd1c8adcf2ca9e6fcd4c59ddb3549 (patch)
tree2fd2a5d5e07bc85ea97ae3c0cb13eb563860ad66 /nixos/modules/security/hidepid.xml
parent9622cd3b38ddbc7faa4cac2a48dbd70bd99570d0 (diff)
docs: format
Diffstat (limited to 'nixos/modules/security/hidepid.xml')
-rw-r--r--nixos/modules/security/hidepid.xml37
1 files changed, 16 insertions, 21 deletions
diff --git a/nixos/modules/security/hidepid.xml b/nixos/modules/security/hidepid.xml
index d69341eb3cde..5a17cb1da412 100644
--- a/nixos/modules/security/hidepid.xml
+++ b/nixos/modules/security/hidepid.xml
@@ -3,31 +3,26 @@
          xmlns:xi="http://www.w3.org/2001/XInclude"
          version="5.0"
          xml:id="sec-hidepid">
-
-  <title>Hiding process information</title>
-
-  <para>
-    Setting
+ <title>Hiding process information</title>
+ <para>
+  Setting
 <programlisting>
 <xref linkend="opt-security.hideProcessInformation"/> = true;
 </programlisting>
-    ensures that access to process information is restricted to the
-    owning user.  This implies, among other things, that command-line
-    arguments remain private.  Unless your deployment relies on unprivileged
-    users being able to inspect the process information of other users, this
-    option should be safe to enable.
-  </para>
-
-  <para>
-    Members of the <literal>proc</literal> group are exempt from process
-    information hiding.
-  </para>
-
-  <para>
-    To allow a service <replaceable>foo</replaceable> to run without process information hiding, set
+  ensures that access to process information is restricted to the owning user.
+  This implies, among other things, that command-line arguments remain private.
+  Unless your deployment relies on unprivileged users being able to inspect the
+  process information of other users, this option should be safe to enable.
+ </para>
+ <para>
+  Members of the <literal>proc</literal> group are exempt from process
+  information hiding.
+ </para>
+ <para>
+  To allow a service <replaceable>foo</replaceable> to run without process
+  information hiding, set
 <programlisting>
 <link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.<replaceable>foo</replaceable>.serviceConfig</link>.SupplementaryGroups = [ "proc" ];
 </programlisting>
-  </para>
-
+ </para>
 </chapter>