From 8c98e8ca2fe65add522235e50e2ea506c8d0942b Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sun, 30 Apr 2017 01:22:32 +0200 Subject: nixos/hardened profile: use the linux_hardened kernel --- nixos/modules/profiles/hardened.nix | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'nixos/modules/profiles') diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index ae0a42e8dee1..13084b7f082e 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -6,6 +6,8 @@ with lib; { + boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened; + security.hideProcessInformation = mkDefault true; security.lockKernelModules = mkDefault true; @@ -13,6 +15,9 @@ with lib; security.apparmor.enable = mkDefault true; boot.kernelParams = [ + # Overwrite free'd memory + "page_poison=1" + # Disable legacy virtual syscalls "vsyscall=none" ]; -- cgit 1.4.1
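Review bot: The `mkDefault` on `boot.kernelPackages` in the first hunk means any configuration that sets its own kernel package set at normal priority replaces the hardened kernel without a warning, while the other options of the profile stay in effect and it still looks fully applied. A comment above the line would make that visible, for example `# mkDefault: a user-set boot.kernelPackages replaces the hardened kernel; the remaining options then apply to whatever kernel was chosen`. Whether the profile should emit a warning in that case is a design choice the commit leaves open. The attribute set starts in this hunk but closes outside it.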
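Review bot: The comment `# Overwrite free'd memory` in the second hunk claims more than `page_poison=1` delivers. The parameter poisons pages returned to the page allocator and only takes effect on a kernel built with CONFIG_PAGE_POISONING; slab objects are not covered by it. Whether the hardened kernel's config enables that option is not visible here, and because `boot.kernelPackages` is only a `mkDefault`, a configuration that swaps the kernel could carry the parameter with no poisoning taking place. I would reword the comment to `# Poison pages on free (page allocator only; requires CONFIG_PAGE_POISONING in the running kernel)`.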