Merge pull request #73763 from kmcopper/hardening-profile

Improvements to the NixOS Hardened Profile
Joachim F 2020-04-03 18:48:12 +00:00 committed by GitHub
commit 18b89e7abd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -14,12 +14,17 @@ with lib;
nix.allowedUsers = mkDefault [ "@users" ]; nix.allowedUsers = mkDefault [ "@users" ];
environment.memoryAllocator.provider = mkDefault "scudo";
environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
security.hideProcessInformation = mkDefault true; security.hideProcessInformation = mkDefault true;
security.lockKernelModules = mkDefault true; security.lockKernelModules = mkDefault true;
security.allowUserNamespaces = mkDefault false; security.allowUserNamespaces = mkDefault false;
nix.useSandbox = mkDefault false;
security.protectKernelImage = mkDefault true; security.protectKernelImage = mkDefault true;
security.allowSimultaneousMultithreading = mkDefault false; security.allowSimultaneousMultithreading = mkDefault false;