diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-06-09 20:29:11 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-06-14 03:38:17 +0200 |
commit | a53452f3e12f4feb76a5169149d93c3bd5359363 (patch) | |
tree | 0f6398e489f81a499e64b873cb38418f43e4a4f9 /nixos/tests/grsecurity.nix | |
parent | 0677cc61c8fae0b699a9be837c897b8d7b6d837c (diff) | |
download | nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.gz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.bz2 nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.lz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.xz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.zst nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.zip |
nixos: remove the grsecurity GID
This GID was used to exempt users from Grsecurity's `/proc` restrictions; we now prefer to rely on `security.hideProcessInformation`, which uses the `proc` group for this purpose. That leaves no use for the grsecurity GID. More generally, having only a single GID to, presumably, serve as the default for all of grsecurity's GID based exemption/resriction schemes would be problematic in any event, so if we decide to enable those grsecurity features in the future, more specific GIDs should be added.
Diffstat (limited to 'nixos/tests/grsecurity.nix')
0 files changed, 0 insertions, 0 deletions