diff options
author | Emily <vcs@emily.moe> | 2020-04-04 23:12:44 +0100 |
---|---|---|
committer | Emily <vcs@emily.moe> | 2020-04-17 16:13:39 +0100 |
commit | af4f57b2c4b969c9bc72527dbbd970564ee8d90b (patch) | |
tree | 128cde99e89249e03e5ac730e141a8f3add1c4dd /nixos/modules/profiles/hardened.nix | |
parent | 71bbd876b743a98affd89dfe097c15a1048a63bf (diff) |
nixos/hardened: don't set net.core.bpf_jit_harden
Upstreamed in anthraxx/linux-hardened@82e384401d441d42efad9830ab31650a7ea571db.
Diffstat (limited to 'nixos/modules/profiles/hardened.nix')
-rw-r--r-- | nixos/modules/profiles/hardened.nix | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 8889c6440f447..692afbff660d2 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -82,9 +82,6 @@ with lib; # Disable bpf() JIT (to eliminate spray attacks) boot.kernel.sysctl."net.core.bpf_jit_enable" = mkDefault false; - # ... or at least apply some hardening to it - boot.kernel.sysctl."net.core.bpf_jit_harden" = mkDefault true; - # Raise ASLR entropy for 64bit & 32bit, respectively. # # Note: mmap_rnd_compat_bits may not exist on 64bit. |