Diffstat (limited to 'nixpkgs/pkgs/os-specific/linux/kernel/hardened-config.nix')
-rw-r--r--nixpkgs/pkgs/os-specific/linux/kernel/hardened-config.nix3
1 files changed, 3 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/os-specific/linux/kernel/hardened-config.nix b/nixpkgs/pkgs/os-specific/linux/kernel/hardened-config.nix
index f1f18c64130c..79ee27c52b50 100644
--- a/nixpkgs/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/nixpkgs/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -91,6 +91,9 @@ optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") {
   PAGE_POISONING_NO_SANITY = yes;
   PAGE_POISONING_ZERO      = yes;
 
+  # Enable the SafeSetId LSM
+  SECURITY_SAFESETID = whenAtLeast "5.1" yes;
+
   # Reboot devices immediately if kernel experiences an Oops.
   PANIC_ON_OOPS = yes;
   PANIC_TIMEOUT = freeform "-1";
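Review bot: The comment added above `SECURITY_SAFESETID` only restates the option name and hides that building this LSM restricts nothing by itself. SafeSetID gates setid transitions only after an allowlist policy has been written through its securityfs interface, and presumably only when the LSM is in the kernel's active LSM list. I would reword the comment along the lines of `# Build the SafeSetID LSM; it restricts nothing until a policy is loaded via securityfs.` so that readers of the hardened profile do not assume a protection that is not yet in effect. The enclosing attribute set starts and ends outside the hunk, so whether a policy or an LSM list is configured elsewhere in the file cannot be seen from here.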