diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2018-11-24 15:13:03 +0100 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2018-11-24 16:06:21 +0100 |
| commit | 6a7f02d89debadceaddd91ea3b9deb059597a927 (patch) | |
| tree | c587793f4e7a80895ce86ba1cc337623a014a27e /nixos/modules/profiles/hardened.nix | |
| parent | 62623b60d5fed91ac676d6f4a70a12570090d513 (diff) | |
| download | nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar.gz nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar.bz2 nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar.lz nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar.xz nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.tar.zst nixpkgs-6a7f02d89debadceaddd91ea3b9deb059597a927.zip | |
nixos/hardened: restrict access to nix daemon
Diffstat (limited to 'nixos/modules/profiles/hardened.nix')
| -rw-r--r-- | nixos/modules/profiles/hardened.nix | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index d712fb2514b..61e871bcaca 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -12,6 +12,8 @@ with lib; boot.kernelPackages = mkDefault pkgs.linuxPackages_hardened; + nix.allowedUsers = mkDefault [ "@users" ]; + security.hideProcessInformation = mkDefault true; security.lockKernelModules = mkDefault true; |