nixpkgs/nixos/modules/services
Ben Wolsieffer b92dae961c nixos/chrony: allow @chown syscall set
The module was allowing specific chown syscalls, which is brittle because
there are several and different ones are used by glibc on different
architectures. For example, fchownat was already added to the allowlist for
aarch64, while on armv6l chrony crashes because chown32 is not in the
allowlist.

systemd provides the @chown syscall set, which includes all the chown
syscalls and avoids this brittleness. I believe the syscalls would all be
equivalent from an attacker's perspective, so there is unlikely to be any
security impact.
2023-03-12 18:10:56 -05:00
admin
amqp nixos/activemq: deprecate phases 2023-01-12 23:03:06 +01:00
audio nixos/tts: init 2023-02-21 11:59:17 +01:00
backup Merge pull request #191974 from tu-maurice/btrbk-doas 2023-03-11 16:10:50 +01:00
blockchain/ethereum lighthouse: fix validator service not setting arguments properly 2022-12-19 16:41:43 -05:00
cluster nixos/k3s: add environmentFile as an option 2023-02-27 08:15:25 -03:00
computing services.openssh: rename several settings (#211991) 2023-02-07 00:11:18 +01:00
continuous-integration Merge pull request #216451 from Mindavi/hydra/systemd-target 2023-03-09 20:53:21 +01:00
databases Merge pull request #186660 from aopom/clickhouse-conf 2023-02-14 15:58:09 +01:00
desktops pipewire: 0.3.65 -> 0.3.66 2023-02-17 13:15:16 +03:00
development nixos/gemstash: init module 2023-03-07 15:56:56 +11:00
display-managers greetd: use service-type 'idle' in systemd-service to avoid overlapping systemd-output 2022-12-19 18:22:16 +01:00
editors nixos/manual: render module chapters with nixos-render-docs 2023-01-27 20:07:34 +01:00
finance
games nixos/*: remove trailing period in mkEnableOptions 2023-02-08 15:23:34 +01:00
hardware nixos/fwupd: add settings option for uefi_capsule.conf 2023-03-10 15:25:41 -05:00
home-automation home-assistant: Inject extra dependencies through PYTHONPATH 2023-02-20 18:37:20 +01:00
logging nixos/ulogd: init 2022-12-28 00:17:28 +01:00
mail Merge pull request #214346 from SFrijters/postfix-ipv4 2023-02-27 18:24:53 +00:00
matrix Merge pull request #178447 from Francesco149/dendrite-prestart 2023-03-03 18:45:09 +01:00
misc nixos/jellyseerr: init 2023-03-10 16:18:00 +01:00
monitoring Merge pull request #205060 from jslight90/patch-8 2023-03-10 11:19:31 +01:00
network-filesystems nixos/*: remove trailing period in mkEnableOptions 2023-02-08 15:23:34 +01:00
networking nixos/chrony: allow @chown syscall set 2023-03-12 18:10:56 -05:00
printing Merge remote-tracking branch 'origin/staging-next' into staging 2022-12-28 09:35:37 +00:00
scheduling
search nixos/opensearch: fix opensearch startup 2023-02-27 16:07:12 +00:00
security nixos/yubikey-agent: Add dependency to pcsd.service 2023-02-11 09:32:24 -05:00
system nixos/nscd: use nsncd by default 2023-02-02 11:07:25 +01:00
torrent nixos/rtorrent: make directory permissions configurable 2023-01-22 19:43:39 +01:00
tracing
ttys
video nixos/unifi-video: bump default mongodb version 2023-01-05 19:10:35 +01:00
wayland
web-apps Merge pull request #197613 from shyim/add-coder 2023-03-09 12:04:16 +04:00
web-servers nixos/nginx: add defaultMimeTypes option 2023-03-07 19:37:18 +03:00
x11 nixos/plasma5: add ark as an optional package instead 2023-03-11 21:29:24 +08:00