nixos-hardened: enable page alloc randomization

author: Joachim Fasting <joachifm@fastmail.fm> 2019-08-15 18:24:24 +0200
committer: Joachim Fasting <joachifm@fastmail.fm> 2019-08-15 18:43:32 +0200
commit: 4b21d1ac8ca5f38a7c05d8f79418858afe628933 (patch)
tree: c0b9a1aa95b933e3d69cfe7279b99c6d32264725 /nixos
parent: 44d541078fdcef668919c2f1c17b0467a8c78b1f (diff)
download: nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar
nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar.gz
nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar.bz2
nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar.lz
nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar.xz
nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar.zst
nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.zip
1 files changed, 3 insertions, 0 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index 9e9ddd4f378..139ced1e53b 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -44,6 +44,9 @@ with lib;
 
     # Disable legacy virtual syscalls
     "vsyscall=none"
+
+    # Enable page allocator randomization
+    "page_alloc.shuffle=1"
   ];
 
   boot.blacklistedKernelModules = [
author	Joachim Fasting <joachifm@fastmail.fm>	2019-08-15 18:24:24 +0200
committer	Joachim Fasting <joachifm@fastmail.fm>	2019-08-15 18:43:32 +0200
commit	4b21d1ac8ca5f38a7c05d8f79418858afe628933 (patch)
tree	c0b9a1aa95b933e3d69cfe7279b99c6d32264725 /nixos
parent	44d541078fdcef668919c2f1c17b0467a8c78b1f (diff)
download	nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar.gz nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar.bz2 nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar.lz nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar.xz nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.tar.zst nixpkgs-4b21d1ac8ca5f38a7c05d8f79418858afe628933.zip