starred/nix-config
1
0
Fork 0
mirror of https://github.com/ryan4yin/nix-config.git synced 2026-05-18 21:57:21 +02:00
Code Issues Packages Projects Releases 10 Wiki Activity

fix: mitigate Dirty Frag LPE vulnerabilities

Browse Source
This commit is contained in:
Ryan Yin
2026-05-14 11:54:36 +08:00
parent 26f4f86ad8
commit 6a12b600a1
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/nixos/base/kernel-hardening.nix
+20
View File
@@ -0,0 +1,20 @@
{
config,
lib,
pkgs,
...
}:
{
# Kernel module blacklisting to mitigate Dirty Frag LPE (Local Privilege Escalation) vulnerabilities.
boot.blacklistedKernelModules = [
"esp4"
"esp6"
"rxrpc"
];
boot.extraModprobeConfig = ''
install esp4 ${pkgs.coreutils}/bin/false
install esp6 ${pkgs.coreutils}/bin/false
install rxrpc ${pkgs.coreutils}/bin/false
'';
}