From af4f57b2c4b969c9bc72527dbbd970564ee8d90b Mon Sep 17 00:00:00 2001
From: Emily
Date: Sat, 4 Apr 2020 23:12:44 +0100
Subject: nixos/hardened: don't set net.core.bpf_jit_harden

Upstreamed in anthraxx/linux-hardened@82e384401d441d42efad9830ab31650a7ea571db.
---
 nixos/modules/profiles/hardened.nix | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index 8889c6440f44..692afbff660d 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -82,9 +82,6 @@ with lib;
 # Disable bpf() JIT (to eliminate spray attacks)
 boot.kernel.sysctl."net.core.bpf_jit_enable" = mkDefault false;
 
- # ... or at least apply some hardening to it
- boot.kernel.sysctl."net.core.bpf_jit_harden" = mkDefault true;
-
 # Raise ASLR entropy for 64bit & 32bit, respectively.
 #
 # Note: mmap_rnd_compat_bits may not exist on 64bit.
-- 
cgit 1.4.1