Security: Difference between revisions

(3 intermediate revisions by 3 users not shown)

Line 115:

It is possible to use [https://en.wikipedia.org/wiki/Security-Enhanced_Linux Security-Enhanced Linux (SELinux)] in NixOS, but proper integration does not exist. This does not appear to have gotten much attention [https://github.com/NixOS/rfcs/pull/41 since 2019]. However, there has been revived work in 2025 but there's no telling when things will land in NixOS.

=== AppArmor ===

As of April 2026, AppArmor is available for NixOS but also has [https://discourse.nixos.org/t/apparmor-on-nixos-roadmap/57217 not yet been properly integrated].

== Nix official references ==

Line 124:

Line 128:

=== NixOS ===

* [[NixOS Hardening]]

* [https://christine.website/blog/paranoid-nixos-2021-07-18 Blog - Paranoid NixOS Setup]

* [https://github.com/flyingcircusio/vulnix vulnix] - Vulnerability (CVE) scanner for Nix/NixOS

Line 142:

Line 147:

* [https://github.com/decalage2/awesome-security-hardening awesome-security-hardening] - Collection of security hardening guides, tools and other resources.

=== Supply chain security ===

* [https://nixcademy.com/posts/secure-supply-chain-with-nix/ Demonstrably Secure Software Supply Chains with Nix], Nixcademy

[[Category:Guide]]

[[Category:NixOS]]

[[Category:Nix]]

[[Category:Security]]

@@ Line 115: / Line 115: @@
 It is possible to use [https://en.wikipedia.org/wiki/Security-Enhanced_Linux Security-Enhanced Linux (SELinux)] in NixOS, but proper integration does not exist. This does not appear to have gotten much attention [https://github.com/NixOS/rfcs/pull/41 since 2019]. However, there has been revived work in 2025 but there's no telling when things will land in NixOS.
+=== AppArmor ===
+As of April 2026, AppArmor is available for NixOS but also has [https://discourse.nixos.org/t/apparmor-on-nixos-roadmap/57217 not yet been properly integrated].
 == Nix official references ==
@@ Line 124: / Line 128: @@
 === NixOS ===
+* [[NixOS Hardening]]
 * [https://christine.website/blog/paranoid-nixos-2021-07-18 Blog - Paranoid NixOS Setup]
 * [https://github.com/flyingcircusio/vulnix vulnix] - Vulnerability (CVE) scanner for Nix/NixOS
@@ Line 142: / Line 147: @@
 * [https://github.com/decalage2/awesome-security-hardening awesome-security-hardening] - Collection of security hardening guides, tools and other resources.
+=== Supply chain security ===
+* [https://nixcademy.com/posts/secure-supply-chain-with-nix/ Demonstrably Secure Software Supply Chains with Nix], Nixcademy
 [[Category:Guide]]
 [[Category:NixOS]]
 [[Category:Nix]]
+[[Category:Security]]