Diffstat (limited to 'nixos/doc/manual/configuration/profiles/hardened.xml')
-rw-r--r-- | nixos/doc/manual/configuration/profiles/hardened.xml | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/nixos/doc/manual/configuration/profiles/hardened.xml b/nixos/doc/manual/configuration/profiles/hardened.xml index b3b433792f5..dc83fc837e2 100644 --- a/nixos/doc/manual/configuration/profiles/hardened.xml +++ b/nixos/doc/manual/configuration/profiles/hardened.xml @@ -1,22 +1,24 @@ - <section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xmlns:xi="http://www.w3.org/2001/XInclude" version="5.0" xml:id="sec-profile-hardened"> <title>Hardened</title> + <para> A profile with most (vanilla) hardening options enabled by default, potentially at the cost of features and performance. </para> + <para> This includes a hardened kernel, and limiting the system information available to processes through the <filename>/sys</filename> and <filename>/proc</filename> filesystems. It also disables the User Namespaces feature of the kernel, which stops Nix from being able to build anything (this particular setting can be overriden via - <xref linkend="opt-security.allowUserNamespaces"/>). See the <literal + <xref linkend="opt-security.allowUserNamespaces"/>). See the + <literal xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix"> - profile source</literal> for further detail on which settings are altered. + profile source</literal> for further detail on which settings are altered. </para> </section> |
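Review bot: In the second <para>, the reflowed <literal xlink:href="..."> element still has a line break and indentation between its opening tag and "profile source", so that whitespace becomes part of the literal's content. Put the text directly after the opening tag, and consider <link xlink:href="..."> instead, since the element is used as a hyperlink rather than as literal text. While this paragraph is being touched, the unchanged context line "this particular setting can be overriden via" has a spelling error and should read "overridden".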