nixos/modules/system/activation/switchable-system.nix +11 −0 @@ -142,5 +142,16 @@ fi ''; }; security = let extraConfig = '' Defaults env_keep+=NIXOS_NO_CHECK ''; in { sudo = { inherit extraConfig; }; sudo-rs = { inherit extraConfig; }; }; }; } pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/nix.py +2 −0 @@ -37,6 +37,8 @@ SWITCH_TO_CONFIGURATION_CMD_PREFIX: Final = [ "LOCALE_ARCHIVE", "-E", "NIXOS_INSTALL_BOOTLOADER", "-E", "NIXOS_NO_CHECK", "--collect", "--no-ask-password", "--pipe", pkgs/os-specific/linux/kernel/common-config.nix +8 −0 @@ -684,6 +684,8 @@ let TMPFS = yes; TMPFS_POSIX_ACL = yes; FS_ENCRYPTION = yes; FS_VERITY = yes; FS_VERITY_BUILTIN_SIGNATURES = yes; EXT2_FS_XATTR = yes; EXT2_FS_POSIX_ACL = yes; @@ -796,6 +798,12 @@ let # This does not have any effect if a program does not support it SECURITY_LANDLOCK = whenAtLeast "5.13" yes; # IPE (Integrity Policy Enforcement) - LSM that can enforce file integrity based on # fs-verity measurements or dm-verity. Useful for verified boot and immutable /nix/store. SECURITY_IPE = whenAtLeast "6.12" yes; IPE_PROP_FS_VERITY = whenAtLeast "6.12" yes; IPE_PROP_FS_VERITY_BUILTIN_SIG = whenAtLeast "6.12" yes; DEVKMEM = lib.mkIf (!stdenv.hostPlatform.isAarch64) (whenOlder "5.13" no); # Disable /dev/kmem USER_NS = yes; # Support for user namespaces pkgs/os-specific/linux/kernel/kernels-org.json +6 −6 { "testing": { "version": "6.19-rc3", "hash": "sha256:1ps2bq9jag0ypr9nj2zfqak81sc12l2hrj2065k2jnvwqcx0vhw3", "version": "6.19-rc4", "hash": "sha256:1ivkpgmmpy7my1vcly82pnnz3ynmdjz62n4q251j970zk8m42r9s", "lts": false }, "6.1": {
@@ -25,13 +25,13 @@ "lts": true }, "6.12": { "version": "6.12.63", "hash": "sha256:1cvxvwlmnqw71nf6nizf0hpp710a8dsczz5bjwy3i55qwkzwa0lm", "version": "6.12.64", "hash": "sha256:18j9ivimvlm1afzfiw03n3r35qv91nbjhh2gi3z8w5416sir9bfi", "lts": true }, "6.18": { "version": "6.18.3", "hash": "sha256:16kzgpxrmaxd2kcsmlnsvc2ryxih457rrwynfzhbmi49gcb7k23s", "version": "6.18.4", "hash": "sha256:1asza9m4vb7lghxaiy5fpnbwmb9a44pgjclbpgv1p77plnf16l7q", "lts": false } }
nixos/modules/system/activation/switchable-system.nix +11 −0 @@ -142,5 +142,16 @@ fi ''; }; security = let extraConfig = '' Defaults env_keep+=NIXOS_NO_CHECK ''; in { sudo = { inherit extraConfig; }; sudo-rs = { inherit extraConfig; }; }; }; }
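Review bot: The added `Defaults env_keep+=NIXOS_NO_CHECK` is a global sudoers default, so the variable is preserved for every user, rule and command that goes through sudo or sudo-rs, not only for the activation command that presumably reads it. If NIXOS_NO_CHECK turns off checks during a switch, as its name suggests, any account allowed to run the switch through sudo can now set it from its own environment, so the `let` binding should carry a comment saying this is intended, for example `# NIXOS_NO_CHECK is kept for all sudo rules; it lets the caller skip checks during switch`. Where only one command needs the variable, a command-scoped `Defaults!<command> env_keep+=NIXOS_NO_CHECK` would narrow it, provided sudo-rs accepts that form. The enclosing attribute set starts outside the hunk, so whether this is guarded by an option cannot be seen here.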
pkgs/by-name/ni/nixos-rebuild-ng/src/nixos_rebuild/nix.py +2 −0 @@ -37,6 +37,8 @@ SWITCH_TO_CONFIGURATION_CMD_PREFIX: Final = [ "LOCALE_ARCHIVE", "-E", "NIXOS_INSTALL_BOOTLOADER", "-E", "NIXOS_NO_CHECK", "--collect", "--no-ask-password", "--pipe",
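Review bot: The new `"-E", "NIXOS_NO_CHECK"` pair in `SWITCH_TO_CONFIGURATION_CMD_PREFIX` has no comment, and the same variable name is now hard-coded both here and in the sudoers `env_keep` line in nixos/modules/system/activation/switchable-system.nix. A reader of this list cannot tell that the value comes from the invoking user's environment and is handed to a command that appears to run the switch with elevated rights. I would add `# Forwarded from the caller's environment; keep in sync with env_keep in switchable-system.nix` above the pair. The list starts and ends outside the hunk.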
pkgs/os-specific/linux/kernel/common-config.nix +8 −0 @@ -684,6 +684,8 @@ let TMPFS = yes; TMPFS_POSIX_ACL = yes; FS_ENCRYPTION = yes; FS_VERITY = yes; FS_VERITY_BUILTIN_SIGNATURES = yes; EXT2_FS_XATTR = yes; EXT2_FS_POSIX_ACL = yes; @@ -796,6 +798,12 @@ let # This does not have any effect if a program does not support it SECURITY_LANDLOCK = whenAtLeast "5.13" yes; # IPE (Integrity Policy Enforcement) - LSM that can enforce file integrity based on # fs-verity measurements or dm-verity. Useful for verified boot and immutable /nix/store. SECURITY_IPE = whenAtLeast "6.12" yes; IPE_PROP_FS_VERITY = whenAtLeast "6.12" yes; IPE_PROP_FS_VERITY_BUILTIN_SIG = whenAtLeast "6.12" yes; DEVKMEM = lib.mkIf (!stdenv.hostPlatform.isAarch64) (whenOlder "5.13" no); # Disable /dev/kmem USER_NS = yes; # Support for user namespaces
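Review bot: The comment added in the second hunk says IPE can enforce integrity from fs-verity measurements or dm-verity, but only `IPE_PROP_FS_VERITY` and `IPE_PROP_FS_VERITY_BUILTIN_SIG` are set, so the dm-verity properties are left to the kernel's Kconfig defaults; either set them explicitly or narrow the comment to fs-verity. The comment should also say that these options only build the LSM: as far as I know IPE enforces nothing until it is in the active LSM list and a policy is loaded, and built-in fs-verity signatures are checked against a keyring that this change does not populate, e.g. `# Builds IPE only; it stays inactive without an lsm= entry and a deployed policy`. In the first hunk `FS_VERITY` and `FS_VERITY_BUILTIN_SIGNATURES` are plain `yes` while the IPE options are wrapped in `whenAtLeast`, so it is worth confirming that every kernel built from this file has both symbols. Both hunks sit inside a `let` block that starts and ends outside them.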
pkgs/os-specific/linux/kernel/kernels-org.json +6 −6 { "testing": { "version": "6.19-rc3", "hash": "sha256:1ps2bq9jag0ypr9nj2zfqak81sc12l2hrj2065k2jnvwqcx0vhw3", "version": "6.19-rc4", "hash": "sha256:1ivkpgmmpy7my1vcly82pnnz3ynmdjz62n4q251j970zk8m42r9s", "lts": false }, "6.1": { @@ -25,13 +25,13 @@ "lts": true }, "6.12": { "version": "6.12.63", "hash": "sha256:1cvxvwlmnqw71nf6nizf0hpp710a8dsczz5bjwy3i55qwkzwa0lm", "version": "6.12.64", "hash": "sha256:18j9ivimvlm1afzfiw03n3r35qv91nbjhh2gi3z8w5416sir9bfi", "lts": true }, "6.18": { "version": "6.18.3", "hash": "sha256:16kzgpxrmaxd2kcsmlnsvc2ryxih457rrwynfzhbmi49gcb7k23s", "version": "6.18.4", "hash": "sha256:1asza9m4vb7lghxaiy5fpnbwmb9a44pgjclbpgv1p77plnf16l7q", "lts": false } }