diff options
| author | Emily <vcs@emily.moe> | 2020-04-05 05:04:43 +0100 |
|---|---|---|
| committer | Emily <vcs@emily.moe> | 2020-04-17 16:13:39 +0100 |
| commit | 84f258bf096275fffbc95328e33ed981a677db68 (patch) | |
| tree | 79b72492907b2ade17c907e40fbd4f856e5d7d33 /nixos/modules/profiles | |
| parent | cc28d51237d39fa5f7de57f836fe2a0cf46e6182 (diff) | |
| download | nixpkgs-84f258bf096275fffbc95328e33ed981a677db68.tar nixpkgs-84f258bf096275fffbc95328e33ed981a677db68.tar.gz nixpkgs-84f258bf096275fffbc95328e33ed981a677db68.tar.bz2 nixpkgs-84f258bf096275fffbc95328e33ed981a677db68.tar.lz nixpkgs-84f258bf096275fffbc95328e33ed981a677db68.tar.xz nixpkgs-84f258bf096275fffbc95328e33ed981a677db68.tar.zst nixpkgs-84f258bf096275fffbc95328e33ed981a677db68.zip | |
nixos/hardened: don't set vm.unprivileged_userfaultfd
Upstreamed in anthraxx/linux-hardened@a712392b88b3cbc8385fd97be87a43db2ad7ecf0.
Diffstat (limited to 'nixos/modules/profiles')
| -rw-r--r-- | nixos/modules/profiles/hardened.nix | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 1747e962f02..09a1dd54333 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -108,7 +108,4 @@ with lib; # Ignore outgoing ICMP redirects (this is ipv4 only) boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = mkDefault false; boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = mkDefault false; - - # Restrict userfaultfd syscalls to processes with the SYS_PTRACE capability - boot.kernel.sysctl."vm.unprivileged_userfaultfd" = mkDefault false; } |