movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-13 13:40:28 +03:00
Code Activity

nixos/hardened: scudo default allocator. zero by default allow override.

Browse source
This commit is contained in:
Kyle Copperfield 2019-11-19 09:26:49 +00:00
parent 00ac71ab19
commit 759968a612
1 changed files with 3 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
nixos/modules/profiles/hardened.nix
View file

@ -14,6 +14,9 @@ with lib;
nix.allowedUsers = mkDefault [ "@users" ];
environment.memoryAllocator.provider = mkDefault "scudo";
environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
security.hideProcessInformation = mkDefault true;
security.lockKernelModules = mkDefault true;