7 lines
221 B
Nix
7 lines
221 B
Nix
{lib, ...}: {
|
|
boot.kernel.sysctl = {
|
|
# disable unprivileged user namespaces to decrease attack surface
|
|
# Enabled because breaks discord/element etc
|
|
"kernel.unprivileged_userns_clone" = lib.mkForce 1;
|
|
};
|
|
}
|