NiXium-org / NiXium

Open-Source Infrastructure as Code Management Solution for Multiple Systems designed to be reliable in mission-critical tasks in paranoid and high-security environments.
European Union Public License 1.2

Implement Process Visibility Restrictions in NixOS #98

Open Tanvir1337x opened 4 months ago

Tanvir1337x commented 4 months ago

Title

Implement hide_uids, hide_gids, and hide_jail Functionality in NixOS.

Description

Implement features in NixOS to restrict process visibility, enhancing system security. These features would include:

  1. Hide Processes Running as Other Users (hide_uids): Similar to the hide_uids option in FreeBSD, this feature would hide processes running as other users. This would limit the visibility of processes to the users who own them, enhancing security.

  2. Hide Processes Running as Other Groups (hide_gids): Similar to the hide_gids option in FreeBSD, this feature would hide processes running as other groups. This would restrict process visibility based on group membership, further enhancing security.

  3. Hide Processes Running in Jails (hide_jail): Similar to the hide_jail option in FreeBSD, this feature would hide processes running in containers or isolated environments. This would improve security by isolating process information within containers.

Implementing these features would bring FreeBSD-level process visibility control to NixOS, improving overall system security.

https://github.com/NiXium-org/NiXium/issues/67
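
Added example, not part of the issue or of NiXium's code: on Linux, which NixOS runs on, the closest existing counterpart to hide_uids is the procfs `hidepid` mount option, so this script audits `/proc/mounts`-style text for it. Mapping the request onto `hidepid` is an assumption made here, and the function names and sample mount lines are constructed for illustration.

```python
"""Audit procfs mounts for the hidepid option (added example, not NiXium code)."""

# Kernels before 5.8 report hidepid as a number, 5.8 and later as a name.
HIDEPID_LEVELS = {
    "0": "off", "off": "off",
    "1": "noaccess", "noaccess": "noaccess",
    "2": "invisible", "invisible": "invisible",
    "4": "ptraceable", "ptraceable": "ptraceable",
}

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
proc /srv/a/proc proc rw,relatime,gid=26,hidepid=2 0 0
proc /srv/b/proc proc rw,relatime,hidepid=invisible 0 0
proc /srv/c/proc proc rw,relatime,hidepid=noaccess 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
"""


def parse_proc_mounts(text):
    """Return one dict per procfs mount found in /proc/mounts-style text."""
    results = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[2] != "proc":
            continue  # not a procfs mount
        opts = {}
        for opt in fields[3].split(","):
            key, _, value = opt.partition("=")
            opts[key] = value
        raw = opts.get("hidepid", "0")  # the option is omitted when it is off
        results.append({
            "mountpoint": fields[1],
            "hidepid": HIDEPID_LEVELS.get(raw, "unknown"),
            "exempt_gid": opts.get("gid") or None,  # group allowed to see everything
        })
    return results


def hides_other_users(mount):
    """True when other users' /proc/<pid> directories are not listed at all."""
    return mount["hidepid"] in ("invisible", "ptraceable")


if __name__ == "__main__":
    for m in parse_proc_mounts(SAMPLE_MOUNTS):
        print(m["mountpoint"], m["hidepid"], m["exempt_gid"], hides_other_users(m))
```

To check a live system, pass the contents of `/proc/mounts` to `parse_proc_mounts` instead of the constructed sample.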