Merge pull request #69489 from Mic92/sysctl

nixos/sysctl: reduce prio of "kernel.kptr_restrict" to mkDefault
Jörg Thalheim 2019-09-28 10:06:54 +01:00 committed by GitHub
commit 3ed9892552
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -54,7 +54,7 @@ in
# Hide kernel pointers (e.g. in /proc/modules) for unprivileged
# users as these make it easier to exploit kernel vulnerabilities.
boot.kernel.sysctl."kernel.kptr_restrict" = 1;
boot.kernel.sysctl."kernel.kptr_restrict" = mkDefault 1;
# Disable YAMA by default to allow easy debugging.
boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0;
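Review bot: The comment above `kernel.kptr_restrict` still reads as if the value were fixed, but with `mkDefault` any module that assigns this option at normal priority now wins without a conflict error, including one that sets it to 0 and makes kernel addresses readable by unprivileged users again. I would extend the comment to record that intent, for example `# mkDefault so stricter profiles can raise this (e.g. to 2); setting 0 re-exposes kernel addresses.` The page does not show which configuration motivated the lower priority, so the mention of a stricter value is an assumption to confirm. The enclosing attribute set starts and ends outside the hunk.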