Merge pull request #69489 from Mic92/sysctl
nixos/sysctl: reduce prio of "kernel.kptr_restrict" to mkDefault
This commit is contained in:
commit
3ed9892552
1 changed files with 1 additions and 1 deletions
|
@ -54,7 +54,7 @@ in
|
|||
|
||||
# Hide kernel pointers (e.g. in /proc/modules) for unprivileged
|
||||
# users as these make it easier to exploit kernel vulnerabilities.
|
||||
boot.kernel.sysctl."kernel.kptr_restrict" = 1;
|
||||
boot.kernel.sysctl."kernel.kptr_restrict" = mkDefault 1;
|
||||
|
||||
# Disable YAMA by default to allow easy debugging.
|
||||
boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0;
|
||||
|
|
Loading…
Reference in a new issue