nixos/hardened: scudo default allocator. zero by default allow override.
This commit is contained in:
parent
00ac71ab19
commit
759968a612
|
@ -14,6 +14,9 @@ with lib;
|
||||||
|
|
||||||
nix.allowedUsers = mkDefault [ "@users" ];
|
nix.allowedUsers = mkDefault [ "@users" ];
|
||||||
|
|
||||||
|
environment.memoryAllocator.provider = mkDefault "scudo";
|
||||||
|
environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
|
||||||
|
|
||||||
security.hideProcessInformation = mkDefault true;
|
security.hideProcessInformation = mkDefault true;
|
||||||
|
|
||||||
security.lockKernelModules = mkDefault true;
|
security.lockKernelModules = mkDefault true;
|
||||||
|
|
Loading…
Reference in New Issue
Block a user