colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/hardened: scudo default allocator. zero by default allow override.

Browse Source
This commit is contained in:
Kyle Copperfield 2019-11-19 09:26:49 +00:00
parent 00ac71ab19
commit 759968a612
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/modules/profiles/hardened.nix
View File

@ -14,6 +14,9 @@ with lib;
nix.allowedUsers = mkDefault [ "@users" ];
environment.memoryAllocator.provider = mkDefault "scudo";
environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
security.hideProcessInformation = mkDefault true;
security.lockKernelModules = mkDefault true;