public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/hardened profile: always enable pti

Browse Source
This commit is contained in:
Joachim Fasting 2019-01-05 13:50:36 +01:00
parent 3f1f443125
commit 167578163a
No known key found for this signature in database
GPG Key ID: 5C204DF675C90294
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/modules/profiles/hardened.nix
View File

@ -40,6 +40,9 @@ with lib;
# Disable legacy virtual syscalls # Disable legacy virtual syscalls
"vsyscall=none" "vsyscall=none"
# Enable PTI even if CPU claims to be safe from meltdown
"pti=on"
]; ];
boot.blacklistedKernelModules = [ boot.blacklistedKernelModules = [