@MaxistheSpy
Last active May 8, 2026 00:58
fix for copyfail and dirty frag on nixos and potentially others

fix for copyfail and dirty frag on nixos

In lieu of a patch, you can disable the kernel modules responsible for copyfail and dirty frag in NixOS with the following. On non-Nix systems it should be sufficient to add the contents of fix_modprobe.conf to modprobe.d.

This will blacklist the modules from loading but won't unload them. A restart is recommended. In lieu of a restart you may use `sudo rmmod algif_aead algif_skcipher algif_hash af_alg` for copy fail and `sudo rmmod esp4 esp6 rxrpc` for dirty frag.

PS: I am not a security expert or particularly knowledgeable about kernel modules. This fix may be insufficient or broken on your system; use at your own risk.

```nix
boot.extraModprobeConfig = lib.concatMapStringsSep "\n" (x: "install ${x} /bin/false") [
  # Copy Fail — currently loaded, block future loads + block siblings
  "af_alg" # af_alg itself
  "algif_aead"
  # Dirty Frag
  "esp4"
  "esp6"
  "rxrpc"
];
```

fix_modprobe.conf:

```
install af_alg /bin/false
install algif_aead /bin/false
install esp4 /bin/false
install esp6 /bin/false
install rxrpc /bin/false
```
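One way to verify the result after applying the configuration above, as an added example that is not part of the original gist: the script reports which of the gist's modules are still loaded and which have no `install ... /bin/false` override. The function names and the `--live` flag are made up for this example; the module lists are taken from the gist, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not part of the gist. Module names are the ones the gist lists.
UNLOAD_LIST="algif_aead algif_skcipher algif_hash af_alg esp4 esp6 rxrpc"  # rmmod targets
BLOCK_LIST="af_alg algif_aead esp4 esp6 rxrpc"                             # install overrides

# still_loaded FILE: print gist modules present in a /proc/modules-format file.
still_loaded() {
    for m in $UNLOAD_LIST; do
        # The first field of each /proc/modules line is the module name.
        awk -v m="$m" '$1 == m { hit = 1 } END { exit !hit }' "$1" && printf '%s\n' "$m"
    done
    return 0
}

# not_blocked FILE: print BLOCK_LIST modules that lack "install <mod> /bin/false"
# in a modprobe config file. modprobe treats "-" and "_" in names as the same.
not_blocked() {
    for m in $BLOCK_LIST; do
        awk -v m="$m" '
            $1 == "install" { n = $2; gsub(/-/, "_", n)
                              if (n == m && $3 == "/bin/false") ok = 1 }
            END { exit !ok }' "$1" || printf '%s\n' "$m"
    done
    return 0
}

# check_host: run both checks on the live system; non-zero exit if anything is left.
check_host() {
    cfg=$(mktemp) || return 2
    modprobe -c > "$cfg" 2>/dev/null      # effective config from all modprobe.d files
    loaded=$(still_loaded /proc/modules)
    open=$(not_blocked "$cfg")
    rm -f "$cfg"
    [ -n "$loaded" ] && echo "still loaded, rmmod or reboot:" $loaded
    [ -n "$open" ] && echo "no install override for:" $open
    [ -z "$loaded$open" ]
}

# Only touch the live system when asked to: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_host
else
    # Constructed sample: af_alg still loaded, rxrpc only blacklisted.
    d=$(mktemp -d)
    printf 'af_alg 32768 0 - Live 0x0\n' > "$d/modules"
    printf 'install af_alg /bin/false\nblacklist rxrpc\n' > "$d/conf"
    echo "loaded:" $(still_loaded "$d/modules") "/ unblocked:" $(not_blocked "$d/conf"); rm -rf "$d"
fi
```

Modules compiled into the kernel never appear in /proc/modules and are not affected by `install` lines, so a clean result only covers loadable modules.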