about summary refs log tree commit diff
path: root/nixos/modules/profiles/hardened.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixos/modules/profiles/hardened.nix')
-rw-r--r--nixos/modules/profiles/hardened.nix3
1 files changed, 1 insertions, 2 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index 680fa40b91195..3f8f78f012a70 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -22,8 +22,6 @@ with lib;
   environment.memoryAllocator.provider = mkDefault "scudo";
   environment.variables.SCUDO_OPTIONS = mkDefault "ZeroContents=1";
 
-  security.hideProcessInformation = mkDefault true;
-
   security.lockKernelModules = mkDefault true;
 
   security.protectKernelImage = mkDefault true;
@@ -38,6 +36,7 @@ with lib;
   security.virtualisation.flushL1DataCache = mkDefault "always";
 
   security.apparmor.enable = mkDefault true;
+  security.apparmor.killUnconfinedConfinables = mkDefault true;
 
   boot.kernelParams = [
     # Slab/slub sanity checks, redzoning, and poisoning
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-21 02:26:09 +0000