summary refs log tree commit diff
path: root/profiles/security.nix
diff options
context:
space:
mode:
Diffstat (limited to 'profiles/security.nix')
-rw-r--r--profiles/security.nix2
1 files changed, 2 insertions, 0 deletions
diff --git a/profiles/security.nix b/profiles/security.nix
index 8ca89e3..ddd980e 100644
--- a/profiles/security.nix
+++ b/profiles/security.nix
@@ -21,6 +21,8 @@
     security.allowSimultaneousMultithreading = false;
     security.forcePageTableIsolation = true;
 
+    security.unprivilegedUsernsClone = config.virtualisation.containers.enable;
+
     security.virtualisation.flushL1DataCache = "always";
 
     security.apparmor.enable = true;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-19 21:27:10 +0000