linux config: enable the Yama LSM (#14392)

The Yama Linux Security Module restricts the use of ptrace so that
processes cannot ptrace processes that are not their children. This
prevents attackers from compromising one user-level process and
snooping on the memory and runtime state of other processes owned
by the same user.

authored by Aneesh Agrawal and committed by Franz Pletz a000ed18 ce7739a4

+1
+1
pkgs/os-specific/linux/kernel/common-config.nix
··· 284 RANDOMIZE_BASE? y 285 STRICT_DEVMEM y # Filter access to /dev/mem 286 SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default 287 DEVKMEM n # Disable /dev/kmem 288 ${if versionOlder version "3.14" then '' 289 CC_STACKPROTECTOR? y # Detect buffer overflows on the stack
··· 284 RANDOMIZE_BASE? y 285 STRICT_DEVMEM y # Filter access to /dev/mem 286 SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default 287 + SECURITY_YAMA y # Prevent processes from ptracing non-children processes 288 DEVKMEM n # Disable /dev/kmem 289 ${if versionOlder version "3.14" then '' 290 CC_STACKPROTECTOR? y # Detect buffer overflows on the stack
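Review bot: the added `SECURITY_YAMA y` line (new line 287) is unconditional and lacks the optional `?` marker, whereas the neighbouring `RANDOMIZE_BASE? y` and `CC_STACKPROTECTOR? y` carry it and the block right below is guarded by `versionOlder version "3.14"`. If any kernel version built from this file does not offer the option, a hard requirement can break config generation, so consider `SECURITY_YAMA? y` or a version guard consistent with the surrounding entries. The inline comment would also read better as "non-child processes", and it could say that the option builds the module in while the restriction actually enforced depends on the ptrace scope Yama is set to at runtime.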