diff options
| author | Jörg Thalheim <joerg@thalheim.io> | 2019-09-26 10:07:35 +0100 |
|---|---|---|
| committer | Jörg Thalheim <joerg@thalheim.io> | 2019-09-26 10:09:31 +0100 |
| commit | 46dfb2d0904ecd1895af7e378b7d134f45c4e762 (patch) | |
| tree | 1ae8b62c1a8c9a7b0dacc2fb5470128be0ba9600 /nixos | |
| parent | 954220b34171114e616be2cc7eb33c3119a92922 (diff) | |
| download | nixlib-46dfb2d0904ecd1895af7e378b7d134f45c4e762.tar nixlib-46dfb2d0904ecd1895af7e378b7d134f45c4e762.tar.gz nixlib-46dfb2d0904ecd1895af7e378b7d134f45c4e762.tar.bz2 nixlib-46dfb2d0904ecd1895af7e378b7d134f45c4e762.tar.lz nixlib-46dfb2d0904ecd1895af7e378b7d134f45c4e762.tar.xz nixlib-46dfb2d0904ecd1895af7e378b7d134f45c4e762.tar.zst nixlib-46dfb2d0904ecd1895af7e378b7d134f45c4e762.zip | |
nixos/sysctl: reduce prio of "kernel.kptr_restrict" to mkDefault
Users should be able to override this value without having to use mkForce.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/config/sysctl.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix index fb2b58eed720..e59c7a32c287 100644 --- a/nixos/modules/config/sysctl.nix +++ b/nixos/modules/config/sysctl.nix @@ -54,7 +54,7 @@ in # Hide kernel pointers (e.g. in /proc/modules) for unprivileged # users as these make it easier to exploit kernel vulnerabilities. - boot.kernel.sysctl."kernel.kptr_restrict" = 1; + boot.kernel.sysctl."kernel.kptr_restrict" = mkDefault 1; # Disable YAMA by default to allow easy debugging. boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0; |