Error work systemd-sysctl service with kernel 5.5 and hardened profile

[Izorkin]

Steps to reproduce the behavior:

1. Enable hardened profile
2. Use kernel 5.5

Error:

systemd-sysctl[25177]: Couldn't write '0' to 'net/core/bpf_jit_enable': Invalid argument
systemd-sysctl[25177]: Couldn't write '16' to 'vm/mmap_rnd_compat_bits', ignoring: No such file or directory

Metadata:

• system: "x86_64-linux"
• host os: Linux 5.5.1-hardened, NixOS, 20.03.git.446bffd (Markhor)
• multi-user?: yes
• sandbox: no
• version: nix-env (Nix) 2.3.2
• nixpkgs: /nix/var/nix/profiles/per-user/root/channels/nixos

сс @joachifm

[stale[bot]]

Hello, I'm a bot and I thank you in the name of the community for opening this issue.

To help our human contributors focus on the most-relevant reports, I check up on old issues to see if they're still relevant. This issue has had no activity for 180 days, and so I marked it as stale, but you can rest assured it will never be closed by a non-human.

The community would appreciate your effort in checking if the issue is still valid. If it isn't, please close it.

If the issue persists, and you'd like to remove the stale label, you simply need to leave a comment. Your comment can be as simple as "still important to me". If you'd like it to get more attention, you can ask for help by searching for maintainers and people that previously touched related code and @ mention them in a comment. You can use Git blame or GitHub's web interface on the relevant files to find them.

Lastly, you can always ask for help at our Discourse Forum or at #nixos' IRC channel.

[stale[bot]]

I marked this as stale due to inactivity. → More info

[Artturin]

maybe something to do with security.lockKernelModules = mkDefault true;