felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-05-20 21:41:12 +02:00
Code Issues Projects Releases Wiki Activity

base/mitigations: blacklist modules for copyfail and pintheft

Browse Source
This commit is contained in:
h7x4
2026-05-20 16:33:07 +09:00
parent e5804c043a
commit ffce1bd607
1 changed files with 15 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
base/mitigations.nix
View File

@@ -2,16 +2,19 @@
{ {
boot.blacklistedKernelModules = [ boot.blacklistedKernelModules = [
"rxrpc" # dirtyfrag # copy.fail
"esp6" # dirtyfrag "af_alg"
"esp4" # dirtyfrag "algif_aead"
]; "algif_hash"
boot.extraModprobeConfig = '' "algif_rng"
# dirtyfrag "algif_skcipher"
install esp4 /bin/false
# dirtyfrag # dirtyfrag / Fragnesia
install esp6 /bin/false "esp4"
# dirtyfrag "esp6"
install rxrpc /bin/false "rxrpc"
'';
# PinTheft
"rds"
];
} }