Diffstat (limited to 'nixos/modules/security/hidepid.xml')
-rw-r--r-- | nixos/modules/security/hidepid.xml | 28 |
1 files changed, 0 insertions, 28 deletions
diff --git a/nixos/modules/security/hidepid.xml b/nixos/modules/security/hidepid.xml deleted file mode 100644 index 5a17cb1da41..00000000000 --- a/nixos/modules/security/hidepid.xml +++ /dev/null @@ -1,28 +0,0 @@ -<chapter xmlns="http://docbook.org/ns/docbook" - xmlns:xlink="http://www.w3.org/1999/xlink" - xmlns:xi="http://www.w3.org/2001/XInclude" - version="5.0" - xml:id="sec-hidepid"> - <title>Hiding process information</title> - <para> - Setting -<programlisting> -<xref linkend="opt-security.hideProcessInformation"/> = true; -</programlisting> - ensures that access to process information is restricted to the owning user. - This implies, among other things, that command-line arguments remain private. - Unless your deployment relies on unprivileged users being able to inspect the - process information of other users, this option should be safe to enable. - </para> - <para> - Members of the <literal>proc</literal> group are exempt from process - information hiding. - </para> - <para> - To allow a service <replaceable>foo</replaceable> to run without process - information hiding, set -<programlisting> -<link linkend="opt-systemd.services._name_.serviceConfig">systemd.services.<replaceable>foo</replaceable>.serviceConfig</link>.SupplementaryGroups = [ "proc" ]; -</programlisting> - </para> -</chapter> |
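Review bot: The whole chapter with xml:id="sec-hidepid" is deleted in the single hunk (-1,28 +0,0), and nothing visible here shows that its inbound references are cleaned up, since the diffstat is limited to this one file. Before merging, confirm that no other manual source still links to sec-hidepid or includes hidepid.xml, because a dangling linkend breaks the DocBook build. The deleted text is also the only place shown that documents the two exemptions from hiding (membership of the proc group, and SupplementaryGroups = [ "proc" ] for a service). If security.hideProcessInformation is removed along with this file, add a release note that names those two settings, so operators who relied on command-line arguments staying private to the owning user know the restriction is gone and can re-apply it another way.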