From c233e24d54bc1681f9001fcdf7adc0c91aea5609 Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Thu, 4 Jul 2019 18:50:48 +0200
Subject: [PATCH] nixos/hardened: disable ftrace by default
---
nixos/modules/profiles/hardened.nix | 3 +++
1 file changed, 3 insertions(+)
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index 87bf66333c6..af0dd8471c7 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -89,4 +89,7 @@ with lib;
 #
 # The value is taken from the KSPP recommendations (Debian uses 4096).
 boot.kernel.sysctl."vm.mmap_min_addr" = mkDefault 65536;
+
+ # Disable ftrace debugging
+ boot.kernel.sysctl."kernel.ftrace_enabled" = mkDefault false;
 }
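Review bot: The comment on the added `kernel.ftrace_enabled` line says what is set but not why or how far the setting reaches, unlike the `vm.mmap_min_addr` comment just above it, which cites the source of its value. As far as the kernel's ftrace documentation describes it, this sysctl is the on/off switch for function tracing only, and it is a runtime toggle that root can flip back, so it reduces default exposure rather than removing the facility. I would expand the comment to something like `# Disable the ftrace function tracer by default: rarely needed in production and it exposes kernel internals.` followed by `# Runtime toggle only (root can re-enable it); override this mkDefault if you need tracing.`. The enclosing attribute set starts outside the hunk, so I cannot tell whether other tracing-related settings are already covered elsewhere in the profile.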