diff options
| author | Emily <vcs@emily.moe> | 2020-04-05 04:57:03 +0100 |
|---|---|---|
| committer | Emily <vcs@emily.moe> | 2020-04-17 16:13:39 +0100 |
| commit | 9da578a78f6f442a193bd15af3c1c4544b1ff156 (patch) | |
| tree | 55f3f26ca3b3abf82be95b3bcee8f254897b0549 /nixos | |
| parent | cf1bce6a7ada476671277ac5bffe132891ece0d8 (diff) | |
| download | nixlib-9da578a78f6f442a193bd15af3c1c4544b1ff156.tar nixlib-9da578a78f6f442a193bd15af3c1c4544b1ff156.tar.gz nixlib-9da578a78f6f442a193bd15af3c1c4544b1ff156.tar.bz2 nixlib-9da578a78f6f442a193bd15af3c1c4544b1ff156.tar.lz nixlib-9da578a78f6f442a193bd15af3c1c4544b1ff156.tar.xz nixlib-9da578a78f6f442a193bd15af3c1c4544b1ff156.tar.zst nixlib-9da578a78f6f442a193bd15af3c1c4544b1ff156.zip | |
nixos/hardened: don't set kernel.dmesg_restrict
Upstreamed in anthraxx/linux-hardened@e3d3f13ffb1a5ff507a8ecae52e3d1fa05d30a07.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/profiles/hardened.nix | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 8a2763faec08..052909d63f53 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -76,9 +76,6 @@ with lib; # (e.g., parent/child) boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1; - # Restrict access to kernel ring buffer (information leaks) - boot.kernel.sysctl."kernel.dmesg_restrict" = mkDefault true; - # Hide kptrs even for processes with CAP_SYSLOG boot.kernel.sysctl."kernel.kptr_restrict" = mkOverride 500 2; |