This is an automated archive made by the Lemmit Bot.

The original was posted on /r/nixos by /u/10010000_426164426f7 on 2024-09-24 07:57:03+00:00.


I want to commit more time to NixOS, but the hardening and security story doesn’t seem to be well documented.

Main use cases:

  • Dev tooling
  • Infra tooling
  • VM workloads that need to be hardened
  • Container service hosting (possibly with compliance requirements)

Does NixOS handle AppArmor/SELinux well? There is a thread that mentioned the lack of AppArmor profiles, but I can’t see much else. From what I am able to figure out, it isn’t super clear that profile and hardening controls are in place right now.

Has anyone tried seeing if NixOS can (in a reasonable way) meet CIS general Linux benchmarks?

Also: does anyone have experience running EDR agents on NixOS? Any issue with any of the big ones?