On 11/19/2013 03:27 AM, phree...@yandex.ru wrote:
Centralized building and security are often at odds. Say, certain grsecurity
kernel features only make sense if you are running a unique, randomized build.
Probably if you dig deep enough you'll find some features in gcc which
introduce similar
Securing nixos
I guess we all want to be secure :)
I'd also like you to start a wiki page talking about
- what could be done
- what you want to be done
- how to verify that the goal has been achieved (if this does make
sense)
- what else could be done to have a secure system ..
-
On Tuesday, November 19, 2013 01:58:28 AM Ricardo M. Correia wrote:
I am currently working on integrating grsecurity/PaX and making various
software packages work under a grsec-enabled kernel (well, the packages I
use):
https://github.com/NixOS/nixpkgs/pull/1187
With those patches and a
On Tue, Nov 19, 2013 at 2:12 AM, Marc Weber marco-owe...@gmx.de wrote:
Securing nixos
I guess we all want to be secure :)
I'd also like you to start a wiki page talking about
- what could be done
- what you want to be done
- how to verify that the goal has been achieved (if this
Yes, start the wiki page.
Don't forgett that nixos has the nesting features for builds.
Thus you can build i686,x86_64 and hardened/not hardened systems at the
same time.
Ther is not much which can go wrong other than that you have to download
nix* stuff twice.
Its on my todo list to improve