<section xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="sec-profile-hardened">
  <title>Hardened</title>
  <para>
    A profile with most (vanilla) hardening options enabled by default,
    potentially at the cost of stability, features and performance.
  </para>
  <para>
    This includes a hardened kernel, and limiting the system information
    available to processes through the <literal>/sys</literal> and
    <literal>/proc</literal> filesystems. It also disables the User
    Namespaces feature of the kernel, which stops Nix from being able to
    build anything (this particular setting can be overridden via
    <xref linkend="opt-security.allowUserNamespaces" />). See the
    <link xlink:href="https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix">profile
    source</link> for further detail on which settings are altered.
  </para>
  <warning>
    <para>
      This profile enables options that are known to affect system
      stability. If you experience any stability issues when using the
      profile, try disabling it. If you report an issue and use this
      profile, always mention that you do.
    </para>
  </warning>
</section>