nixos/sysctl: reduce prio of "kernel.kptr_restrict" to mkDefault

Users should be able to override this value without having to use mkForce.
2024-11-23 07:23:20 +00:00 · 2019-09-26 10:07:35 +01:00 · 2019-09-26 10:07:35 +01:00 · 46dfb2d090
commit 46dfb2d090
parent 954220b341
1 changed files with 1 additions and 1 deletions
--- a/nixos/modules/config/sysctl.nix
+++ b/nixos/modules/config/sysctl.nix
@ -54,7 +54,7 @@ in

    # Hide kernel pointers (e.g. in /proc/modules) for unprivileged
    # users as these make it easier to exploit kernel vulnerabilities.
-    boot.kernel.sysctl."kernel.kptr_restrict" = 1;
+    boot.kernel.sysctl."kernel.kptr_restrict" = mkDefault 1;

    # Disable YAMA by default to allow easy debugging.
    boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0;