Hide kernel pointers for unprivileged users via kptr_restrict
parent
7bd50185ff
commit
39f67d9d38
|
@ -60,6 +60,10 @@ in
|
|||
boot.kernel.sysctl."fs.protected_hardlinks" = true;
|
||||
boot.kernel.sysctl."fs.protected_symlinks" = true;
|
||||
|
||||
# Hide kernel pointers (e.g. in /proc/modules) for unprivileged
|
||||
# users as these make it easier to exploit kernel vulnerabilities.
|
||||
boot.kernel.sysctl."kernel.kptr_restrict" = 1;
|
||||
|
||||
};
|
||||
|
||||
}
|
||||
|
|
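Review bot: The comment above `boot.kernel.sysctl."kernel.kptr_restrict" = 1;` should say what the value 1 means, because the neighbouring `fs.protected_*` settings are booleans and this sysctl is tri-valued. With 1, pointers printed through `%pK` are still shown to processes holding CAP_SYSLOG, whereas 2 hides them from every reader. I would add a line such as `# 1 = hidden unless the reader has CAP_SYSLOG; 2 hides them from all users.` Kernel addresses can also show up in the kernel log, so if `kernel.dmesg_restrict` is not set elsewhere in this module (not visible in this hunk), it is worth considering alongside this change. The enclosing attribute set starts outside the hunk.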