commit 46dfb2d0904ecd1895af7e378b7d134f45c4e762 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

nixos/sysctl: reduce prio of "kernel.kptr_restrict" to mkDefault

Users should be able to override this value without having to use mkForce.

Jörg Thalheim 6 years ago 46dfb2d0 954220b3

options

unified split

Changed files

+1 -1

nixos

modules

config

sysctl.nix

+1 -1

nixos/modules/config/sysctl.nix

···

       54
       54
        
       

     

       55
       55
        
           # Hide kernel pointers (e.g. in /proc/modules) for unprivileged

     

       56
       56
        
           # users as these make it easier to exploit kernel vulnerabilities.

     

       57
       57
       -
           boot.kernel.sysctl."kernel.kptr_restrict" = 1;

     

       57
       57
       +
           boot.kernel.sysctl."kernel.kptr_restrict" = mkDefault 1;

     

       58
       58
        
       

     

       59
       59
        
           # Disable YAMA by default to allow easy debugging.

     

       60
       60
        
           boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0;