sid/synix
1
0
Fork 0
Code Issues 6 Pull requests 1 Projects Activity Actions
synix/modules/nixos/common/boot.nix
sid ecf5132cbb
Some checks failed
Build tests / build-hosts (pull_request) Failing after 3s
Details
Flake check / flake-check (pull_request) Failing after 13s
Details
enforce new flake schema. formatting.
2026-05-31 18:50:41 +02:00

20 lines
470 B
Nix
Raw Blame History

{ lib, pkgs, ... }:
{
boot = {
# fix CVE-2026-31431
kernelPackages = lib.mkIf (lib.versionOlder pkgs.linux.version "6.18.22") (lib.mkDefault pkgs.linuxPackages_6_18);
# fix CVE-2026-43500
extraModprobeConfig = ''
install esp4 ${pkgs.coreutils}/bin/false
install esp6 ${pkgs.coreutils}/bin/false
install rxrpc ${pkgs.coreutils}/bin/false
'';
blacklistedKernelModules = [
"esp4"
"esp6"
"rxrpc"
];
};
}
Reference in a new issue View git blame Copy permalink