public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos-hardened: enable page alloc randomization

Browse Source
This commit is contained in:
Joachim Fasting
2019-08-15 18:24:24 +02:00
parent 44d541078f
commit 4b21d1ac8c
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/modules/profiles/hardened.nix
View File

@@ -44,6 +44,9 @@ with lib;
# Disable legacy virtual syscalls
"vsyscall=none"
# Enable page allocator randomization
"page_alloc.shuffle=1"
];
boot.blacklistedKernelModules = [