Merge pull request #73763 from kmcopper/hardening-profile
Improvements to the NixOS Hardened Profile
This commit is contained in:
commit
18b89e7abd
1 changed files with 5 additions and 0 deletions
|
@ -14,12 +14,17 @@ with lib;
|
|||
|
||||
nix.allowedUsers = mkDefault [ "@users" ];
|
||||
|
||||
environment.memoryAllocator.provider = mkDefault "scudo";
|
||||
environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
|
||||
|
||||
security.hideProcessInformation = mkDefault true;
|
||||
|
||||
security.lockKernelModules = mkDefault true;
|
||||
|
||||
security.allowUserNamespaces = mkDefault false;
|
||||
|
||||
nix.useSandbox = mkDefault false;
|
||||
|
||||
security.protectKernelImage = mkDefault true;
|
||||
|
||||
security.allowSimultaneousMultithreading = mkDefault false;
|
||||
|
|
Loading…
Reference in a new issue