nixos: remove the grsecurity GID - nixlib - Alyssa's collection of Nix expressions

diff options

author	Joachim Fasting <joachifm@fastmail.fm>	2016-06-09 20:29:11 +0200
committer	Joachim Fasting <joachifm@fastmail.fm>	2016-06-14 03:38:17 +0200
commit	a53452f3e12f4feb76a5169149d93c3bd5359363 (patch)
tree	0f6398e489f81a499e64b873cb38418f43e4a4f9 /nixos/tests/grsecurity.nix
parent	0677cc61c8fae0b699a9be837c897b8d7b6d837c (diff)
download	nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.gz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.bz2 nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.lz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.xz nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.tar.zst nixlib-a53452f3e12f4feb76a5169149d93c3bd5359363.zip

nixos: remove the grsecurity GID

This GID was used to exempt users from Grsecurity's
`/proc` restrictions; we now prefer to rely on
`security.hideProcessInformation`, which uses the `proc` group
for this purpose.  That leaves no use for the grsecurity GID.

More generally, having only a single GID to, presumably, serve as the
default for all of grsecurity's GID based exemption/resriction schemes
would be problematic in any event, so if we decide to enable those
grsecurity features in the future, more specific GIDs should be added.

Diffstat (limited to 'nixos/tests/grsecurity.nix')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: