pyrox.dev / nixpkgs
lol
fork atom

nixos/hardened profile: increase ASLR entropy

Joachim Fasting c0769dc6 5c29873e

+6
unified split
+6
nixos/modules/profiles/hardened.nix
··· 59 # the feature at runtime. Attempting to create a user namespace 60 # with unshare will then fail with "no space left on device". 61 boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0; 62 }
··· 59 # the feature at runtime. Attempting to create a user namespace 60 # with unshare will then fail with "no space left on device". 61 boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0; 62 + 63 + # Raise ASLR entropy for 64bit & 32bit, respectively. 64 + # 65 + # Note: mmap_rnd_compat_bits may not exist on 64bit. 66 + boot.kernel.sysctl."vm.mmap_rnd_bits" = mkDefault 32; 67 + boot.kernel.sysctl."vm.mmap_rnd_compat_bits" = mkDefault 16; 68 }