From 759968a6126a9bf4962a3ddea4eaf6466baff122 Mon Sep 17 00:00:00 2001
From: Kyle Copperfield <kmcopper@danwin1210.me>
Date: Tue, 19 Nov 2019 09:26:49 +0000
Subject: nixos/hardened: scudo default allocator. zero by default allow
 override.

---
 nixos/modules/profiles/hardened.nix | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'nixos')

diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index 33e4ddc3fb4..da3de444768 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -14,6 +14,9 @@ with lib;
 
   nix.allowedUsers = mkDefault [ "@users" ];
 
+  environment.memoryAllocator.provider = mkDefault "scudo";
+  environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
+
   security.hideProcessInformation = mkDefault true;
 
   security.lockKernelModules = mkDefault true;
-- 
cgit 1.4.1