From bc8186be1e02f7f63916a8d158890f9e21a0773b Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Thu, 1 Aug 2013 00:08:44 +0200
Subject: [PATCH] linux: Disable /dev/kmem

See e.g. https://wiki.ubuntu.com/Security/Features#A.2BAC8-dev.2BAC8-kmem_disabled
---
 pkgs/os-specific/linux/kernel/common-config.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 4b19cd2aa2a..2e64dae23fe 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -163,7 +163,8 @@ with stdenv.lib;
 # Security related features.
 STRICT_DEVMEM y # Filter access to /dev/mem
- SECURITY_SELINUX_BOOTPARAM_VALUE 0 # disable SELinux by default
+ SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default
+ DEVKMEM n # Disable /dev/kmem
 # Misc. options.
 8139TOO_8129 y
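Review bot: The comment on the added `DEVKMEM n` line only restates the option name, so the reason for the setting lives solely in the wiki link in the commit message. A why-comment in the file would survive later edits, for example `DEVKMEM n # No /dev/kmem: normal software does not need raw access to kernel virtual memory, and rootkits have used it to modify the running kernel`. Since common-config.nix appears to be shared by every kernel version built from this tree, it is also worth confirming that each of them defines the DEVKMEM symbol; otherwise the setting may be rejected or silently dropped when that kernel's config is generated. The enclosing config string starts and ends outside the hunk.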