diff options
| author | Emily <vcs@emily.moe> | 2020-04-04 23:12:44 +0100 |
|---|---|---|
| committer | Emily <vcs@emily.moe> | 2020-04-17 16:13:39 +0100 |
| commit | af4f57b2c4b969c9bc72527dbbd970564ee8d90b (patch) | |
| tree | 128cde99e89249e03e5ac730e141a8f3add1c4dd /nixos/modules/profiles | |
| parent | 71bbd876b743a98affd89dfe097c15a1048a63bf (diff) | |
| download | nixpkgs-af4f57b2c4b969c9bc72527dbbd970564ee8d90b.tar nixpkgs-af4f57b2c4b969c9bc72527dbbd970564ee8d90b.tar.gz nixpkgs-af4f57b2c4b969c9bc72527dbbd970564ee8d90b.tar.bz2 nixpkgs-af4f57b2c4b969c9bc72527dbbd970564ee8d90b.tar.lz nixpkgs-af4f57b2c4b969c9bc72527dbbd970564ee8d90b.tar.xz nixpkgs-af4f57b2c4b969c9bc72527dbbd970564ee8d90b.tar.zst nixpkgs-af4f57b2c4b969c9bc72527dbbd970564ee8d90b.zip | |
nixos/hardened: don't set net.core.bpf_jit_harden
Upstreamed in anthraxx/linux-hardened@82e384401d441d42efad9830ab31650a7ea571db.
Diffstat (limited to 'nixos/modules/profiles')
| -rw-r--r-- | nixos/modules/profiles/hardened.nix | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 8889c6440f4..692afbff660 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -82,9 +82,6 @@ with lib; # Disable bpf() JIT (to eliminate spray attacks) boot.kernel.sysctl."net.core.bpf_jit_enable" = mkDefault false; - # ... or at least apply some hardening to it - boot.kernel.sysctl."net.core.bpf_jit_harden" = mkDefault true; - # Raise ASLR entropy for 64bit & 32bit, respectively. # # Note: mmap_rnd_compat_bits may not exist on 64bit. |