nixos-hardened: enable page alloc randomization

2024-11-23 15:33:13 +00:00 · 2019-08-15 18:24:24 +02:00 · 2019-08-15 18:24:24 +02:00 · 4b21d1ac8c
commit 4b21d1ac8c
parent 44d541078f
1 changed files with 3 additions and 0 deletions
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@ -44,6 +44,9 @@ with lib;

    # Disable legacy virtual syscalls
    "vsyscall=none"
+
+    # Enable page allocator randomization
+    "page_alloc.shuffle=1"
  ];

  boot.blacklistedKernelModules = [