From 4b21d1ac8ca5f38a7c05d8f79418858afe628933 Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Thu, 15 Aug 2019 18:24:24 +0200 Subject: [PATCH] nixos-hardened: enable page alloc randomization --- nixos/modules/profiles/hardened.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix index 9e9ddd4f3788..139ced1e53be 100644 --- a/nixos/modules/profiles/hardened.nix +++ b/nixos/modules/profiles/hardened.nix @@ -44,6 +44,9 @@ with lib; # Disable legacy virtual syscalls "vsyscall=none" + + # Enable page allocator randomization + "page_alloc.shuffle=1" ]; boot.blacklistedKernelModules = [