nixos/hardened profile: lock kernel modules

author: Joachim Fasting <joachifm@fastmail.fm> 2017-04-29 22:46:20 +0200
committer: Joachim Fasting <joachifm@fastmail.fm> 2017-04-30 12:05:38 +0200
commit: 6a5a5728ee8225e0e7272de7ad6c63ca5986cb84 (patch)
tree: ab2c28c716d84e72fbb5342677d2e374443c71e1 /nixos/modules/profiles/hardened.nix
parent: 878ad1ce6e2582fef11ed73c849b513afaca143e (diff)
download: nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar
nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar.gz
nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar.bz2
nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar.lz
nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar.xz
nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar.zst
nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index a01d974446be..ae0a42e8dee1 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -8,6 +8,8 @@ with lib;
 {
   security.hideProcessInformation = mkDefault true;
 
+  security.lockKernelModules = mkDefault true;
+
   security.apparmor.enable = mkDefault true;
 
   boot.kernelParams = [
author	Joachim Fasting <joachifm@fastmail.fm>	2017-04-29 22:46:20 +0200
committer	Joachim Fasting <joachifm@fastmail.fm>	2017-04-30 12:05:38 +0200
commit	6a5a5728ee8225e0e7272de7ad6c63ca5986cb84 (patch)
tree	ab2c28c716d84e72fbb5342677d2e374443c71e1 /nixos/modules/profiles/hardened.nix
parent	878ad1ce6e2582fef11ed73c849b513afaca143e (diff)
download	nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar.gz nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar.bz2 nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar.lz nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar.xz nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.tar.zst nixlib-6a5a5728ee8225e0e7272de7ad6c63ca5986cb84.zip