ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-21 12:38:41 +03:00
Code Issues Projects Releases Wiki Activity

linux config: enable Landlock LSM

Browse Source
This commit is contained in:
nullrequest 2021-08-12 17:37:12 +05:30 committed by Sandro Jäckel
parent ba7c4fa91d
commit eff260aaf2
No known key found for this signature in database
GPG Key ID: 3AF5A43A3EECC2E5
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
pkgs/os-specific/linux/kernel/common-config.nix
View File

@ -462,6 +462,9 @@ let
SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default
# Prevent processes from ptracing non-children processes
SECURITY_YAMA = option yes;
# The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes.
# This does not have any effect if a program does not support it
SECURITY_LANDLOCK = whenAtLeast "5.13" yes;
DEVKMEM = whenOlder "5.13" no; # Disable /dev/kmem
USER_NS = yes; # Support for user namespaces