starred/nix-config-ryan4yin
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-05-17 12:06:52 +02:00
Code Issues Packages Projects Releases 10 Wiki Activity
Files
6a12b600a15c0cd6305cf8a13a939f2af8e3095e
nix-config-ryan4yin/modules/nixos/base/kernel-hardening.nix
T
Ryan Yin 6a12b600a1 fix: mitigate Dirty Frag LPE vulnerabilities
2026-05-14 11:54:36 +08:00

21 lines
394 B
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}:
{
# Kernel module blacklisting to mitigate Dirty Frag LPE (Local Privilege Escalation) vulnerabilities.
boot.blacklistedKernelModules = [
"esp4"
"esp6"
"rxrpc"
];
boot.extraModprobeConfig = ''
install esp4 ${pkgs.coreutils}/bin/false
install esp6 ${pkgs.coreutils}/bin/false
install rxrpc ${pkgs.coreutils}/bin/false
'';
}
Reference in New Issue View Git Blame Copy Permalink