l: workaround for CVE-2021-4034
This commit is contained in:
parent
37a3ec2948
commit
b749315dc7
@ -1,8 +1,10 @@
|
|||||||
{ config, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
with import <stockholm/lib>;
|
with import <stockholm/lib>;
|
||||||
{
|
{
|
||||||
# http://seclists.org/oss-sec/2017/q1/471
|
# http://seclists.org/oss-sec/2017/q1/471
|
||||||
boot.extraModprobeConfig = ''
|
boot.extraModprobeConfig = ''
|
||||||
install dccp /run/current-system/sw/bin/false
|
install dccp /run/current-system/sw/bin/false
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user