pyrox.dev
nixos/hardened profile: increase ASLR entropy
+6
nixos/modules/profiles/hardened.nix
+6
nixos/modules/profiles/hardened.nix
···
59
59
# the feature at runtime. Attempting to create a user namespace
60
60
# with unshare will then fail with "no space left on device".
61
61
boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0;
62
+
63
+
# Raise ASLR entropy for 64bit & 32bit, respectively.
64
+
#
65
+
# Note: mmap_rnd_compat_bits may not exist on 64bit.
66
+
boot.kernel.sysctl."vm.mmap_rnd_bits" = mkDefault 32;
67
+
boot.kernel.sysctl."vm.mmap_rnd_compat_bits" = mkDefault 16;
62
68
}