[Nix-commits] [NixOS/nixpkgs] dffc30: nix-daemon.nix: Make the 1.12 check less strict

Eelco Dolstra Tue, 21 Mar 2017 10:53:35 -0700

  Branch: refs/heads/release-17.03
  Home:   https://github.com/NixOS/nixpkgs
  Commit: dffc300e5642d83d28a799f5992facbe7a53fbad
      
https://github.com/NixOS/nixpkgs/commit/dffc300e5642d83d28a799f5992facbe7a53fbad
  Author: Eelco Dolstra <edols...@gmail.com>
  Date:   2017-03-21 (Tue, 21 Mar 2017)


  Changed paths:
    M nixos/modules/services/misc/nix-daemon.nix

  Log Message:
  -----------
  nix-daemon.nix: Make the 1.12 check less strict

(cherry picked from commit 78bb734452a76c7719f2224e5add5b2a12b3fbf6)


  Commit: 1e8c01784a6a121fc94d111f4af7cc88dd932186
      
https://github.com/NixOS/nixpkgs/commit/1e8c01784a6a121fc94d111f4af7cc88dd932186
  Author: Eelco Dolstra <edols...@gmail.com>
  Date:   2017-03-21 (Tue, 21 Mar 2017)

  Changed paths:
    M nixos/doc/manual/release-notes/rl-1703.xml
    M nixos/modules/config/sysctl.nix

  Log Message:
  -----------
  Allow attaching to non-child processes by default

The inability to run strace or gdb is the kind of
developer-unfriendliness that we're used to from OS X, let's not do it
on NixOS.

This restriction can be re-enabled by setting

  boot.kernel.sysctl."kernel.yama.ptrace_scope" = 1;

It might be nice to have a NixOS module for enabling hardened defaults.

Xref #14392.

Thanks @abbradar.

(cherry picked from commit 86721a5f78718caf10c578e9501f8b4d19c0eb44)


Compare: https://github.com/NixOS/nixpkgs/compare/128837a5841e...1e8c01784a6a

_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits

[Nix-commits] [NixOS/nixpkgs] dffc30: nix-daemon.nix: Make the 1.12 check less strict

Reply via email to