diff options
| author | Alex Martens <alex@thinglab.org> | 2022-03-06 15:46:23 -0800 |
|---|---|---|
| committer | Alex Martens <alex@thinglab.org> | 2022-04-01 12:22:10 -0700 |
| commit | 334b30c464d95bcedd473014aa83c7d68ece641f (patch) | |
| tree | ff591d43386d731bfa4e74f1cd75eac881169c58 /nixos/doc | |
| parent | baedfc4da94daa30728d9ade4aa34f4a530d1e65 (diff) | |
| download | nixpkgs-334b30c464d95bcedd473014aa83c7d68ece641f.tar nixpkgs-334b30c464d95bcedd473014aa83c7d68ece641f.tar.gz nixpkgs-334b30c464d95bcedd473014aa83c7d68ece641f.tar.bz2 nixpkgs-334b30c464d95bcedd473014aa83c7d68ece641f.tar.lz nixpkgs-334b30c464d95bcedd473014aa83c7d68ece641f.tar.xz nixpkgs-334b30c464d95bcedd473014aa83c7d68ece641f.tar.zst nixpkgs-334b30c464d95bcedd473014aa83c7d68ece641f.zip | |
nixos/github-runner: systemd service hardening
Diffstat (limited to 'nixos/doc')
| -rw-r--r-- | nixos/doc/manual/from_md/release-notes/rl-2205.section.xml | 9 | ||||
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-2205.section.md | 4 |
2 files changed, 13 insertions, 0 deletions
diff --git a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml index 9535d441740..c6471101f4a 100644 --- a/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml +++ b/nixos/doc/manual/from_md/release-notes/rl-2205.section.xml @@ -980,6 +980,15 @@ </listitem> <listitem> <para> + <literal>services.github-runner</literal> has been hardened. + Notably address families and system calls have been + restricted, which may adversely affect some kinds of testing, + e.g. using <literal>AF_BLUETOOTH</literal> to test bluetooth + devices. + </para> + </listitem> + <listitem> + <para> The terraform 0.12 compatibility has been removed and the <literal>terraform.withPlugins</literal> and <literal>terraform-providers.mkProvider</literal> diff --git a/nixos/doc/manual/release-notes/rl-2205.section.md b/nixos/doc/manual/release-notes/rl-2205.section.md index 377dd1b5cae..ad9532adff5 100644 --- a/nixos/doc/manual/release-notes/rl-2205.section.md +++ b/nixos/doc/manual/release-notes/rl-2205.section.md @@ -357,6 +357,10 @@ In addition to numerous new and upgraded packages, this release has the followin - The Tor SOCKS proxy is now actually disabled if `services.tor.client.enable` is set to `false` (the default). If you are using this functionality but didn't change the setting or set it to `false`, you now need to set it to `true`. +- `services.github-runner` has been hardened. Notably address families and + system calls have been restricted, which may adversely affect some kinds of + testing, e.g. using `AF_BLUETOOTH` to test bluetooth devices. + - The terraform 0.12 compatibility has been removed and the `terraform.withPlugins` and `terraform-providers.mkProvider` implementations simplified. Providers now need to be stored under `$out/libexec/terraform-providers/<registry>/<owner>/<name>/<version>/<os>_<arch>/terraform-provider-<name>_v<version>` (which mkProvider does). |