pyrox.dev
1# Hardened {#sec-profile-hardened}
2
3A profile with most (vanilla) hardening options enabled by default,
4potentially at the cost of stability, features and performance.
5
6This includes a hardened kernel, and limiting the system information
7available to processes through the `/sys` and
8`/proc` filesystems. It also disables the User Namespaces
9feature of the kernel, which stops Nix from being able to build anything
10(this particular setting can be overridden via
11[](#opt-security.allowUserNamespaces)). See the
12[profile source](https://github.com/nixos/nixpkgs/tree/master/nixos/modules/profiles/hardened.nix)
13for further detail on which settings are altered.
14
15::: {.warning}
16This profile enables options that are known to affect system
17stability. If you experience any stability issues when using the
18profile, try disabling it. If you report an issue and use this
19profile, always mention that you do.
20:::