kookie
/
nomicon
1
0
Fork 0
Code Issues Projects Releases 1 Activity

nixos/hardened: don't set kernel.unprivileged_bpf_disabled

Browse Source 
Upstreamed in anthraxx/linux-hardened@1a3e0c283028533527595a91d9504d2b7eabc977.
wip/yesman
Emily 4 years ago
parent 9da578a78f
commit 71bbd876b7
1 changed files with 0 additions and 4 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      nixos/modules/profiles/hardened.nix

4
nixos/modules/profiles/hardened.nix
Unescape View File

@ -79,10 +79,6 @@ with lib;
# Hide kptrs even for processes with CAP_SYSLOG
boot.kernel.sysctl."kernel.kptr_restrict" = mkOverride 500 2;
# Unprivileged access to bpf() has been used for privilege escalation in
# the past
boot.kernel.sysctl."kernel.unprivileged_bpf_disabled" = mkDefault true;
# Disable bpf() JIT (to eliminate spray attacks)
boot.kernel.sysctl."net.core.bpf_jit_enable" = mkDefault false;

Write Preview
Loading…
Cancel
Save