public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/hardened profile: increase ASLR entropy

Browse Source
This commit is contained in:
Joachim Fasting 2017-08-13 00:17:43 +02:00
parent 5c29873e99
commit c0769dc6ef
No known key found for this signature in database
GPG Key ID: 66EAB6B14F6B6E0D
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
nixos/modules/profiles/hardened.nix
View File

@ -59,4 +59,10 @@ with lib;
# the feature at runtime. Attempting to create a user namespace # the feature at runtime. Attempting to create a user namespace
# with unshare will then fail with "no space left on device". # with unshare will then fail with "no space left on device".
boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0; boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0;
# Raise ASLR entropy for 64bit & 32bit, respectively.
#
# Note: mmap_rnd_compat_bits may not exist on 64bit.
boot.kernel.sysctl."vm.mmap_rnd_bits" = mkDefault 32;
boot.kernel.sysctl."vm.mmap_rnd_compat_bits" = mkDefault 16;
} }