···

       
59
       
 
       
  # the feature at runtime.  Attempting to create a user namespace

     

       
60
       
 
       
  # with unshare will then fail with "no space left on device".

     

       
61
       
 
       
  boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0;

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
0
       
 
       

     

       
62
       
 
       
}

     

···

       
59
       
 
       
  # the feature at runtime.  Attempting to create a user namespace

     

       
60
       
 
       
  # with unshare will then fail with "no space left on device".

     

       
61
       
 
       
  boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0;

     

       
62
       
+
       


     

       
63
       
+
       
  # Raise ASLR entropy for 64bit & 32bit, respectively.

     

       
64
       
+
       
  #

     

       
65
       
+
       
  # Note: mmap_rnd_compat_bits may not exist on 64bit.

     

       
66
       
+
       
  boot.kernel.sysctl."vm.mmap_rnd_bits" = mkDefault 32;

     

       
67
       
+
       
  boot.kernel.sysctl."vm.mmap_rnd_compat_bits" = mkDefault 16;

     

       
68
       
 
       
}