aviallon/nixos-lib
1
0
Fork 0
mirror of https://github.com/aviallon/nixos-lib.git synced 2026-04-06 01:38:06 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

[Boot+Refactoring] Add a cmdline config option for cleaner boot option config

Browse source
This commit is contained in:
Antoine Viallon 2022-04-07 09:22:44 +02:00
parent 8457628ee6
commit 7e26d25066
Signed by: aviallon
GPG key ID: 186FC35EDEB25716
6 changed files with 43 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hardening.nix
View file

@ -53,7 +53,7 @@ in
services.dbus.apparmor = "enabled";
boot.kernelParams = concatLists [
boot.kernelParams = mkAfter (concatLists [
# Slab/slub sanity checks, redzoning, and poisoning
(optional cfg.expensive "slub_debug=FZP")
@ -65,7 +65,7 @@ in
# Apparmor https://wiki.archlinux.org/title/AppArmor#Installation
(optional cfg.expensive "lsm=landlock,lockdown,yama,apparmor,bpf")
];
]);
boot.kernel.sysctl = {
"kernel.yama.ptrace_scope" = mkOverride 500 1;