nixpkgs/nixos/doc/manual/from_md/configuration/profiles/hardened.section.xml

<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-hardened">
  <title>Hardened</title>
  <para>
    A profile with most (vanilla) hardening options enabled by default,
    potentially at the cost of stability, features and performance.
  </para>
  <para>
    This includes a hardened kernel, and limiting the system information
    available to processes through the <literal>/sys</literal> and
    <literal>/proc</literal> filesystems. It also disables the User
    Namespaces feature of the kernel, which stops Nix from being able to
    build anything (this particular setting can be overridden via
    <xref linkend="opt-security.allowUserNamespaces" />). See the
    <link xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">profile
    source</link> for further detail on which settings are altered.
  </para>
  <warning>
    <para>
      This profile enables options that are known to affect system
      stability. If you experience any stability issues when using the
      profile, try disabling it. If you report an issue and use this
      profile, always mention that you do.
    </para>
  </warning>
</section>
nixos: nixos/doc/configuration/profiles/*.xml to CommonMark 2021-06-30 17:43:06 +08:00			`<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-hardened">`
			`<title>Hardened</title>`
			`<para>`
			`A profile with most (vanilla) hardening options enabled by default,`
			`potentially at the cost of stability, features and performance.`
			`</para>`
			`<para>`
			`This includes a hardened kernel, and limiting the system information`
			`available to processes through the <literal>/sys</literal> and`
			`<literal>/proc</literal> filesystems. It also disables the User`
			`Namespaces feature of the kernel, which stops Nix from being able to`
nixos: fix typos 2022-12-17 19:31:14 -05:00			`build anything (this particular setting can be overridden via`
nixos: use only URI fragment in manual options links 2021-07-04 08:42:44 +08:00			`<xref linkend="opt-security.allowUserNamespaces" />). See the`
nixos: nixos/doc/configuration/profiles/*.xml to CommonMark 2021-06-30 17:43:06 +08:00			`<link xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">profile`
			`source</link> for further detail on which settings are altered.`
			`</para>`
			`<warning>`
			`<para>`
			`This profile enables options that are known to affect system`
			`stability. If you experience any stability issues when using the`
			`profile, try disabling it. If you report an issue and use this`
			`profile, always mention that you do.`
			`</para>`
			`</warning>`
			`</section>`