diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2017-04-30 01:22:32 +0200 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2017-04-30 12:05:40 +0200 |
| commit | 8c98e8ca2fe65add522235e50e2ea506c8d0942b (patch) | |
| tree | e77f17e7a84e66e97e88fea5625fbcafcad48a2c /nixos/modules/profiles | |
| parent | 62f2a1c2be9f6308ed21aaeed9aa0afbc3a93fc9 (diff) | |
| download | nixlib-8c98e8ca2fe65add522235e50e2ea506c8d0942b.tar nixlib-8c98e8ca2fe65add522235e50e2ea506c8d0942b.tar.gz nixlib-8c98e8ca2fe65add522235e50e2ea506c8d0942b.tar.bz2 nixlib-8c98e8ca2fe65add522235e50e2ea506c8d0942b.tar.lz nixlib-8c98e8ca2fe65add522235e50e2ea506c8d0942b.tar.xz nixlib-8c98e8ca2fe65add522235e50e2ea506c8d0942b.tar.zst nixlib-8c98e8ca2fe65add522235e50e2ea506c8d0942b.zip | |
nixos/hardened profile: use the linux_hardened kernel
Diffstat (limited to 'nixos/modules/profiles')
| -rw-r--r-- | nixos/modules/profiles/hardened.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index ae0a42e8dee1..13084b7f082e 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -6,6 +6,8 @@ with lib; { + boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened; + security.hideProcessInformation = mkDefault true; security.lockKernelModules = mkDefault true; @@ -13,6 +15,9 @@ with lib; security.apparmor.enable = mkDefault true; boot.kernelParams = [ + # Overwrite free'd memory + "page_poison=1" + # Disable legacy virtual syscalls "vsyscall=none" ]; |