diff options
| author | nullrequest <30698906+advaithm@users.noreply.github.com> | 2021-08-12 17:37:12 +0530 |
|---|---|---|
| committer | Sandro Jäckel <sandro.jaeckel@gmail.com> | 2022-01-19 12:12:03 +0100 |
| commit | eff260aaf2ddc17305efd18cf6cb26306316ddb8 (patch) | |
| tree | 1fb0fbfff412ce0ca9b9a7cc9d52c170d62a0e2b /pkgs/os-specific/linux/kernel/common-config.nix | |
| parent | ba7c4fa91dbfb59f5c65e8ed0186fea4e6471ac2 (diff) | |
| download | nixpkgs-eff260aaf2ddc17305efd18cf6cb26306316ddb8.tar nixpkgs-eff260aaf2ddc17305efd18cf6cb26306316ddb8.tar.gz nixpkgs-eff260aaf2ddc17305efd18cf6cb26306316ddb8.tar.bz2 nixpkgs-eff260aaf2ddc17305efd18cf6cb26306316ddb8.tar.lz nixpkgs-eff260aaf2ddc17305efd18cf6cb26306316ddb8.tar.xz nixpkgs-eff260aaf2ddc17305efd18cf6cb26306316ddb8.tar.zst nixpkgs-eff260aaf2ddc17305efd18cf6cb26306316ddb8.zip | |
linux config: enable Landlock LSM
Diffstat (limited to 'pkgs/os-specific/linux/kernel/common-config.nix')
| -rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 93c6b390eb2..012833a538c 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -462,6 +462,9 @@ let SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default # Prevent processes from ptracing non-children processes SECURITY_YAMA = option yes; + # The goal of Landlock is to enable to restrict ambient rights (e.g. global filesystem access) for a set of processes. + # This does not have any effect if a program does not support it + SECURITY_LANDLOCK = whenAtLeast "5.13" yes; DEVKMEM = whenOlder "5.13" no; # Disable /dev/kmem USER_NS = yes; # Support for user namespaces |