Continuing the fanboi theme -- the NIXOS hardened package installs linux-hardened kernel patch and scudo as the default allocator which makes a great base
Conversation
If that's using linux-hardened it really shouldn't be enabling those slab / page debugging features. Those are designed for debugging and there are production variants of them provided by linux-hardened.
theres definitely a few tweaks they need to implement. They also restrict user created NSs which imo is not what you want. It breaks almost all Chrome derivative sandboxes.
2
Show more replies