b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

nixos/hardened profile: increase ASLR entropy

Browse source
This commit is contained in:
Joachim Fasting 2017-08-13 00:17:43 +02:00
parent 5c29873e99
commit c0769dc6ef
No known key found for this signature in database
GPG key ID: 66EAB6B14F6B6E0D
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
nixos/modules/profiles/hardened.nix
View file

@ -59,4 +59,10 @@ with lib;
# the feature at runtime. Attempting to create a user namespace
# with unshare will then fail with "no space left on device".
boot.kernel.sysctl."user.max_user_namespaces" = mkDefault 0;
# Raise ASLR entropy for 64bit & 32bit, respectively.
#
# Note: mmap_rnd_compat_bits may not exist on 64bit.
boot.kernel.sysctl."vm.mmap_rnd_bits" = mkDefault 32;
boot.kernel.sysctl."vm.mmap_rnd_compat_bits" = mkDefault 16;
}