nixos/hardened: blacklist a few obscure net protocols

pyrox.dev / nixpkgs

fork atom

lol

fork atom

Joachim Fasting 8 years ago 8aa0618c 2bce0b13

1 changed file

expand all

unified split

nixos

modules

profiles

hardened.nix

nixos/modules/profiles/hardened.nix

··· 25 "nohibernate" 26 ]; 27 28 # Restrict ptrace() usage to processes with a pre-defined relationship 29 # (e.g., parent/child) 30 boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;

··· 25 "nohibernate" 26 ]; 27 28 + boot.blacklistedKernelModules = [ 29 + # Obscure network protocols 30 + "ax25" 31 + "netrom" 32 + "rose" 33 + ]; 34 + 35 # Restrict ptrace() usage to processes with a pre-defined relationship 36 # (e.g., parent/child) 37 boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;