diff options
-rw-r--r-- | krebs/2configs/default.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/security-workarounds.nix (renamed from lass/2configs/security-workarounds.nix) | 6 | ||||
-rw-r--r-- | lass/2configs/default.nix | 2 |
3 files changed, 3 insertions, 6 deletions
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix index 9200d41fe..38d770316 100644 --- a/krebs/2configs/default.nix +++ b/krebs/2configs/default.nix @@ -4,6 +4,7 @@ with import <stockholm/lib>; { imports = [ ./backup.nix + ./security-workarounds.nix ]; krebs.announce-activation.enable = true; krebs.enable = true; diff --git a/lass/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix index 4b0d48671..27d1f8485 100644 --- a/lass/2configs/security-workarounds.nix +++ b/krebs/2configs/security-workarounds.nix @@ -1,10 +1,6 @@ { config, lib, pkgs, ... }: with import <stockholm/lib>; { - # http://seclists.org/oss-sec/2017/q1/471 - boot.extraModprobeConfig = '' - install dccp /run/current-system/sw/bin/false - ''; - + # https://github.com/berdav/CVE-2021-4034 security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" ""); } diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix index dc97719ad..e2163b688 100644 --- a/lass/2configs/default.nix +++ b/lass/2configs/default.nix @@ -8,7 +8,7 @@ with import <stockholm/lib>; ./vim.nix ./zsh.nix ./htop.nix - ./security-workarounds.nix + <stockholm/krebs/2configs/security-workarounds.nix> ./wiregrill.nix { users.extraUsers = |