diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2017-04-30 11:57:12 +0200 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2017-04-30 12:06:11 +0200 |
| commit | 1dd3ba924bb7f2ab254b14dcf794651d486db2ae (patch) | |
| tree | 7573e25d56579ac5a60e8e1b2799d109c3d93f7c /nixos/modules/profiles/hardened.nix | |
| parent | ffa83edf4a29b21f12eb96d5eb7b63e1ebae7a5f (diff) | |
| download | nixlib-1dd3ba924bb7f2ab254b14dcf794651d486db2ae.tar nixlib-1dd3ba924bb7f2ab254b14dcf794651d486db2ae.tar.gz nixlib-1dd3ba924bb7f2ab254b14dcf794651d486db2ae.tar.bz2 nixlib-1dd3ba924bb7f2ab254b14dcf794651d486db2ae.tar.lz nixlib-1dd3ba924bb7f2ab254b14dcf794651d486db2ae.tar.xz nixlib-1dd3ba924bb7f2ab254b14dcf794651d486db2ae.tar.zst nixlib-1dd3ba924bb7f2ab254b14dcf794651d486db2ae.zip | |
nixos/hardened profile: disable hibernation
Recommended by KSPP
Diffstat (limited to 'nixos/modules/profiles/hardened.nix')
| -rw-r--r-- | nixos/modules/profiles/hardened.nix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 13084b7f082e..c7f80fe47aac 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -20,6 +20,9 @@ with lib; # Disable legacy virtual syscalls "vsyscall=none" + + # Disable hibernation (allows replacing the running kernel) + "nohibernate" ]; # Restrict ptrace() usage to processes with a pre-defined relationship |