From 84f258bf096275fffbc95328e33ed981a677db68 Mon Sep 17 00:00:00 2001
From: Emily
Date: Sun, 5 Apr 2020 05:04:43 +0100
Subject: [PATCH] nixos/hardened: don't set vm.unprivileged_userfaultfd

Upstreamed in anthraxx/linux-hardened@a712392b88b3cbc8385fd97be87a43db2ad7ecf0.
---
 nixos/modules/profiles/hardened.nix | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index 1747e962f02..09a1dd54333 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -108,7 +108,4 @@ with lib;
 # Ignore outgoing ICMP redirects (this is ipv4 only)
 boot.kernel.sysctl."net.ipv4.conf.all.send_redirects" = mkDefault false;
 boot.kernel.sysctl."net.ipv4.conf.default.send_redirects" = mkDefault false;
-
- # Restrict userfaultfd syscalls to processes with the SYS_PTRACE capability
- boot.kernel.sysctl."vm.unprivileged_userfaultfd" = mkDefault false;
 }