linux config: enable the Yama LSM (#14392)
The Yama Linux Security Module restricts the use of ptrace so that processes cannot ptrace processes that are not their children. This prevents attackers from compromising one user-level process and snooping on the memory and runtime state of other processes owned by the same user.
This commit is contained in:
parent
ce7739a4dd
commit
a000ed181c
@ -284,6 +284,7 @@ with stdenv.lib;
|
||||
RANDOMIZE_BASE? y
|
||||
STRICT_DEVMEM y # Filter access to /dev/mem
|
||||
SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default
|
||||
SECURITY_YAMA y # Prevent processes from ptracing non-children processes
|
||||
DEVKMEM n # Disable /dev/kmem
|
||||
${if versionOlder version "3.14" then ''
|
||||
CC_STACKPROTECTOR? y # Detect buffer overflows on the stack
|
||||
|
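Review bot: Building Yama in with `SECURITY_YAMA y` does not by itself guarantee the ptrace restriction is enforced on every kernel this file targets: on 3.7 through 4.2 kernels Yama only runs alongside another primary LSM (SELinux is still built in here, just disabled by boot parameter) when `SECURITY_YAMA_STACKED` is also set, and the option was dropped in 4.3 when stacking became unconditional. If the `?` suffix marks an option that may be absent, as it appears to for `RANDOMIZE_BASE?` above, the commit should add `SECURITY_YAMA_STACKED? y` right after the new line so the module is active on the older kernels without failing the config check on newer ones. The enforced policy is the `kernel.yama.ptrace_scope` sysctl rather than the build option, so a more accurate comment would be `# Restrict ptrace to descendants (policy: kernel.yama.ptrace_scope, Yama default 1)`, which also tells an operator where to harden further or to debug an unexpected attach failure. The restriction still yields to CAP_SYS_PTRACE and to a target that opts in via PR_SET_PTRACER, which is worth noting since the commit description reads as if same-user ptrace were blocked outright.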