NixOS Hardening: Difference between revisions
Link to Security#AppArmor |
→Sysctl parameters: Add kernel.io_uring_disabled=2 |
| Line 161: | Line 161: | ||
# Disable ftrace debugging | # Disable ftrace debugging | ||
boot.kernel.sysctl."kernel.ftrace_enabled" = false; | boot.kernel.sysctl."kernel.ftrace_enabled" = false; | ||
# Disable io_uring, a large source of security vulnerabilities | |||
# https://security.googleblog.com/2023/06/learnings-from-kctf-vrps-42-linux.html | |||
boot.kernel.sysctl."kernel.io_uring_disabled" = 2; | |||
# Enable strict reverse path filtering (that is, do not attempt to route | # Enable strict reverse path filtering (that is, do not attempt to route | ||