commit 8aa0618cf0a0fe2ae12fe463b57243d13028a6e8 · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

nixos/hardened: blacklist a few obscure net protocols

Joachim Fasting 8 years ago 8aa0618c 2bce0b13

options

unified split

Changed files

nixos

modules

profiles

hardened.nix

nixos/modules/profiles/hardened.nix

···

       25
       25
        
           "nohibernate"

     

       26
       26
        
         ];

     

       27
       27
        
       

     

       28
       28
       +
         boot.blacklistedKernelModules = [

     

       29
       29
       +
           # Obscure network protocols

     

       30
       30
       +
           "ax25"

     

       31
       31
       +
           "netrom"

     

       32
       32
       +
           "rose"

     

       33
       33
       +
         ];

     

       34
       34
       +
       

     

       28
       35
        
         # Restrict ptrace() usage to processes with a pre-defined relationship

     

       29
       36
        
         # (e.g., parent/child)

     

       30
       37
        
         boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;