---
Function {
 argument: Destructured {
  identifier: None,
  arguments: [
   DestructuredArgument {
    identifier: "config",
    default: None,
   },
   DestructuredArgument {
    identifier: "lib",
    default: None,
   },
  ],
  ellipsis: true,
 },
 definition: With {
  expression: Variable {
   identifier: "lib",
   position: (3, 6),
  },
  target: Map {
   bindings: [
    Binding {
     from: AttributePath {
      parts: [
       Raw {
        content: "meta",
        position: (6, 3),
       },
      ],
     },
     to: Map {
      bindings: [
       Binding {
        from: AttributePath {
         parts: [
          Raw {
           content: "maintainers",
           position: (7, 5),
          },
         ],
        },
        to: List {
         elements: [
          PropertyAccess {
           expression: Variable {
            identifier: "maintainers",
            position: (7, 21),
           },
           attribute_path: AttributePath {
            parts: [
             Raw {
              content: "joachifm",
              position: (7, 33),
             },
            ],
           },
           default: None,
          },
         ],
         position: (7, 19),
        },
       },
      ],
      recursive: false,
      position: (6, 10),
     },
    },
    Binding {
     from: AttributePath {
      parts: [
       Raw {
        content: "imports",
        position: (10, 3),
       },
      ],
     },
     to: List {
      elements: [
       Parentheses {
        expression: FunctionApplication {
         function: PropertyAccess {
          expression: Variable {
           identifier: "lib",
           position: (11, 6),
          },
          attribute_path: AttributePath {
           parts: [
            Raw {
             content: "mkRenamedOptionModule",
             position: (11, 10),
            },
           ],
          },
          default: None,
         },
         arguments: [
          List {
           elements: [
            String {
             parts: [
              Raw {
               content: "security",
               position: (11, 35),
              },
             ],
             position: (11, 34),
            },
            String {
             parts: [
              Raw {
               content: "virtualization",
               position: (11, 46),
              },
             ],
             position: (11, 45),
            },
            String {
             parts: [
              Raw {
               content: "flushL1DataCache",
               position: (11, 63),
              },
             ],
             position: (11, 62),
            },
           ],
           position: (11, 32),
          },
          List {
           elements: [
            String {
             parts: [
              Raw {
               content: "security",
               position: (11, 86),
              },
             ],
             position: (11, 85),
            },
            String {
             parts: [
              Raw {
               content: "virtualisation",
               position: (11, 97),
              },
             ],
             position: (11, 96),
            },
            String {
             parts: [
              Raw {
               content: "flushL1DataCache",
               position: (11, 114),
              },
             ],
             position: (11, 113),
            },
           ],
           position: (11, 83),
          },
         ],
        },
        position: (11, 5),
       },
      ],
      position: (10, 13),
     },
    },
    Binding {
     from: AttributePath {
      parts: [
       Raw {
        content: "options",
        position: (14, 3),
       },
      ],
     },
     to: Map {
      bindings: [
       Binding {
        from: AttributePath {
         parts: [
          Raw {
           content: "security",
           position: (15, 5),
          },
          Raw {
           content: "allowUserNamespaces",
           position: (15, 14),
          },
         ],
        },
        to: FunctionApplication {
         function: Variable {
          identifier: "mkOption",
          position: (15, 36),
         },
         arguments: [
          Map {
           bindings: [
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "type",
                position: (16, 7),
               },
              ],
             },
             to: PropertyAccess {
              expression: Variable {
               identifier: "types",
               position: (16, 14),
              },
              attribute_path: AttributePath {
               parts: [
                Raw {
                 content: "bool",
                 position: (16, 20),
                },
               ],
              },
              default: None,
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "default",
                position: (17, 7),
               },
              ],
             },
             to: Variable {
              identifier: "true",
              position: (17, 17),
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "description",
                position: (18, 7),
               },
              ],
             },
             to: String {
              parts: [
               Raw {
                content: "Whether to allow creation of user namespaces.\n\nThe motivation for disabling user namespaces is the potential\npresence of code paths where the kernel's permission checking\nlogic fails to account for namespacing, instead permitting a\nnamespaced process to act outside the namespace with the same\nprivileges as it would have inside it.  This is particularly\ndamaging in the common case of running as root within the namespace.\n\nWhen user namespace creation is disallowed, attempting to create a\nuser namespace fails with \"no space left on device\" (ENOSPC).\nroot may re-enable user namespace creation at runtime.\n",
                position: (19, 1),
               },
              ],
              position: (18, 21),
             },
            },
           ],
           recursive: false,
           position: (15, 45),
          },
         ],
        },
       },
       Binding {
        from: AttributePath {
         parts: [
          Raw {
           content: "security",
           position: (34, 5),
          },
          Raw {
           content: "unprivilegedUsernsClone",
           position: (34, 14),
          },
         ],
        },
        to: FunctionApplication {
         function: Variable {
          identifier: "mkOption",
          position: (34, 40),
         },
         arguments: [
          Map {
           bindings: [
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "type",
                position: (35, 7),
               },
              ],
             },
             to: PropertyAccess {
              expression: Variable {
               identifier: "types",
               position: (35, 14),
              },
              attribute_path: AttributePath {
               parts: [
                Raw {
                 content: "bool",
                 position: (35, 20),
                },
               ],
              },
              default: None,
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "default",
                position: (36, 7),
               },
              ],
             },
             to: Variable {
              identifier: "false",
              position: (36, 17),
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "description",
                position: (37, 7),
               },
              ],
             },
             to: String {
              parts: [
               Raw {
                content: "When disabled, unprivileged users will not be able to create new namespaces.\nBy default unprivileged user namespaces are disabled.\nThis option only works in a hardened profile.\n",
                position: (38, 1),
               },
              ],
              position: (37, 21),
             },
            },
           ],
           recursive: false,
           position: (34, 49),
          },
         ],
        },
       },
       Binding {
        from: AttributePath {
         parts: [
          Raw {
           content: "security",
           position: (44, 5),
          },
          Raw {
           content: "protectKernelImage",
           position: (44, 14),
          },
         ],
        },
        to: FunctionApplication {
         function: Variable {
          identifier: "mkOption",
          position: (44, 35),
         },
         arguments: [
          Map {
           bindings: [
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "type",
                position: (45, 7),
               },
              ],
             },
             to: PropertyAccess {
              expression: Variable {
               identifier: "types",
               position: (45, 14),
              },
              attribute_path: AttributePath {
               parts: [
                Raw {
                 content: "bool",
                 position: (45, 20),
                },
               ],
              },
              default: None,
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "default",
                position: (46, 7),
               },
              ],
             },
             to: Variable {
              identifier: "false",
              position: (46, 17),
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "description",
                position: (47, 7),
               },
              ],
             },
             to: String {
              parts: [
               Raw {
                content: "Whether to prevent replacing the running kernel image.\n",
                position: (48, 1),
               },
              ],
              position: (47, 21),
             },
            },
           ],
           recursive: false,
           position: (44, 44),
          },
         ],
        },
       },
       Binding {
        from: AttributePath {
         parts: [
          Raw {
           content: "security",
           position: (52, 5),
          },
          Raw {
           content: "allowSimultaneousMultithreading",
           position: (52, 14),
          },
         ],
        },
        to: FunctionApplication {
         function: Variable {
          identifier: "mkOption",
          position: (52, 48),
         },
         arguments: [
          Map {
           bindings: [
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "type",
                position: (53, 7),
               },
              ],
             },
             to: PropertyAccess {
              expression: Variable {
               identifier: "types",
               position: (53, 14),
              },
              attribute_path: AttributePath {
               parts: [
                Raw {
                 content: "bool",
                 position: (53, 20),
                },
               ],
              },
              default: None,
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "default",
                position: (54, 7),
               },
              ],
             },
             to: Variable {
              identifier: "true",
              position: (54, 17),
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "description",
                position: (55, 7),
               },
              ],
             },
             to: String {
              parts: [
               Raw {
                content: "Whether to allow SMT/hyperthreading.  Disabling SMT means that only\nphysical CPU cores will be usable at runtime, potentially at\nsignificant performance cost.\n\nThe primary motivation for disabling SMT is to mitigate the risk of\nleaking data between threads running on the same CPU core (due to\ne.g., shared caches).  This attack vector is unproven.\n\nDisabling SMT is a supplement to the L1 data cache flushing mitigation\n(see <xref linkend=\"opt-security.virtualisation.flushL1DataCache\"/>)\nversus malicious VM guests (SMT could \"bring back\" previously flushed\ndata).\n",
                position: (56, 1),
               },
              ],
              position: (55, 21),
             },
            },
           ],
           recursive: false,
           position: (52, 57),
          },
         ],
        },
       },
       Binding {
        from: AttributePath {
         parts: [
          Raw {
           content: "security",
           position: (71, 5),
          },
          Raw {
           content: "forcePageTableIsolation",
           position: (71, 14),
          },
         ],
        },
        to: FunctionApplication {
         function: Variable {
          identifier: "mkOption",
          position: (71, 40),
         },
         arguments: [
          Map {
           bindings: [
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "type",
                position: (72, 7),
               },
              ],
             },
             to: PropertyAccess {
              expression: Variable {
               identifier: "types",
               position: (72, 14),
              },
              attribute_path: AttributePath {
               parts: [
                Raw {
                 content: "bool",
                 position: (72, 20),
                },
               ],
              },
              default: None,
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "default",
                position: (73, 7),
               },
              ],
             },
             to: Variable {
              identifier: "false",
              position: (73, 17),
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "description",
                position: (74, 7),
               },
              ],
             },
             to: String {
              parts: [
               Raw {
                content: "Whether to force-enable the Page Table Isolation (PTI) Linux kernel\nfeature even on CPU models that claim to be safe from Meltdown.\n\nThis hardening feature is most beneficial to systems that run untrusted\nworkloads that rely on address space isolation for security.\n",
                position: (75, 1),
               },
              ],
              position: (74, 21),
             },
            },
           ],
           recursive: false,
           position: (71, 49),
          },
         ],
        },
       },
       Binding {
        from: AttributePath {
         parts: [
          Raw {
           content: "security",
           position: (83, 5),
          },
          Raw {
           content: "virtualisation",
           position: (83, 14),
          },
          Raw {
           content: "flushL1DataCache",
           position: (83, 29),
          },
         ],
        },
        to: FunctionApplication {
         function: Variable {
          identifier: "mkOption",
          position: (83, 48),
         },
         arguments: [
          Map {
           bindings: [
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "type",
                position: (84, 7),
               },
              ],
             },
             to: FunctionApplication {
              function: PropertyAccess {
               expression: Variable {
                identifier: "types",
                position: (84, 14),
               },
               attribute_path: AttributePath {
                parts: [
                 Raw {
                  content: "nullOr",
                  position: (84, 20),
                 },
                ],
               },
               default: None,
              },
              arguments: [
               Parentheses {
                expression: FunctionApplication {
                 function: PropertyAccess {
                  expression: Variable {
                   identifier: "types",
                   position: (84, 28),
                  },
                  attribute_path: AttributePath {
                   parts: [
                    Raw {
                     content: "enum",
                     position: (84, 34),
                    },
                   ],
                  },
                  default: None,
                 },
                 arguments: [
                  List {
                   elements: [
                    String {
                     parts: [
                      Raw {
                       content: "never",
                       position: (84, 42),
                      },
                     ],
                     position: (84, 41),
                    },
                    String {
                     parts: [
                      Raw {
                       content: "cond",
                       position: (84, 50),
                      },
                     ],
                     position: (84, 49),
                    },
                    String {
                     parts: [
                      Raw {
                       content: "always",
                       position: (84, 57),
                      },
                     ],
                     position: (84, 56),
                    },
                   ],
                   position: (84, 39),
                  },
                 ],
                },
                position: (84, 27),
               },
              ],
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "default",
                position: (85, 7),
               },
              ],
             },
             to: Variable {
              identifier: "null",
              position: (85, 17),
             },
            },
            Binding {
             from: AttributePath {
              parts: [
               Raw {
                content: "description",
                position: (86, 7),
               },
              ],
             },
             to: String {
              parts: [
               Raw {
                content: "Whether the hypervisor should flush the L1 data cache before\nentering guests.\nSee also <xref linkend=\"opt-security.allowSimultaneousMultithreading\"/>.\n\n<variablelist>\n  <varlistentry>\n    <term><literal>null</literal></term>\n    <listitem><para>uses the kernel default</para></listitem>\n  </varlistentry>\n  <varlistentry>\n    <term><literal>\"never\"</literal></term>\n    <listitem><para>disables L1 data cache flushing entirely.\n    May be appropriate if all guests are trusted.</para></listitem>\n  </varlistentry>\n  <varlistentry>\n    <term><literal>\"cond\"</literal></term>\n    <listitem><para>flushes L1 data cache only for pre-determined\n    code paths.  May leak information about the host address space\n    layout.</para></listitem>\n  </varlistentry>\n  <varlistentry>\n    <term><literal>\"always\"</literal></term>\n    <listitem><para>flushes L1 data cache every time the hypervisor\n    enters the guest.  May incur significant performance cost.\n    </para></listitem>\n  </varlistentry>\n</variablelist>\n",
                position: (87, 1),
               },
              ],
              position: (86, 21),
             },
            },
           ],
           recursive: false,
           position: (83, 57),
          },
         ],
        },
       },
      ],
      recursive: false,
      position: (14, 13),
     },
    },
    Binding {
     from: AttributePath {
      parts: [
       Raw {
        content: "config",
        position: (118, 3),
       },
      ],
     },
     to: FunctionApplication {
      function: Variable {
       identifier: "mkMerge",
       position: (118, 12),
      },
      arguments: [
       List {
        elements: [
         Parentheses {
          expression: FunctionApplication {
           function: Variable {
            identifier: "mkIf",
            position: (119, 6),
           },
           arguments: [
            Parentheses {
             expression: UnaryOperation {
              operator: Not,
              operand: PropertyAccess {
               expression: Variable {
                identifier: "config",
                position: (119, 13),
               },
               attribute_path: AttributePath {
                parts: [
                 Raw {
                  content: "security",
                  position: (119, 20),
                 },
                 Raw {
                  content: "allowUserNamespaces",
                  position: (119, 29),
                 },
                ],
               },
               default: None,
              },
              position: (119, 12),
             },
             position: (119, 11),
            },
            Map {
             bindings: [
              Binding {
               from: AttributePath {
                parts: [
                 Raw {
                  content: "boot",
                  position: (123, 7),
                 },
                 Raw {
                  content: "kernel",
                  position: (123, 12),
                 },
                 Raw {
                  content: "sysctl",
                  position: (123, 19),
                 },
                 Expression {
                  ast: String {
                   parts: [
                    Raw {
                     content: "user.max_user_namespaces",
                     position: (123, 27),
                    },
                   ],
                   position: (123, 26),
                  },
                 },
                ],
               },
               to: Int {
                value: 0,
                position: (123, 55),
               },
              },
              Binding {
               from: AttributePath {
                parts: [
                 Raw {
                  content: "assertions",
                  position: (125, 7),
                 },
                ],
               },
               to: List {
                elements: [
                 Map {
                  bindings: [
                   Binding {
                    from: AttributePath {
                     parts: [
                      Raw {
                       content: "assertion",
                       position: (126, 11),
                      },
                     ],
                    },
                    to: BinaryOperation {
                     operator: Implication,
                     operands: [
                      PropertyAccess {
                       expression: Variable {
                        identifier: "config",
                        position: (126, 23),
                       },
                       attribute_path: AttributePath {
                        parts: [
                         Raw {
                          content: "nix",
                          position: (126, 30),
                         },
                         Raw {
                          content: "settings",
                          position: (126, 34),
                         },
                         Raw {
                          content: "sandbox",
                          position: (126, 43),
                         },
                        ],
                       },
                       default: None,
                      },
                      PropertyAccess {
                       expression: Variable {
                        identifier: "config",
                        position: (126, 54),
                       },
                       attribute_path: AttributePath {
                        parts: [
                         Raw {
                          content: "security",
                          position: (126, 61),
                         },
                         Raw {
                          content: "allowUserNamespaces",
                          position: (126, 70),
                         },
                        ],
                       },
                       default: None,
                      },
                     ],
                     position: (126, 51),
                    },
                   },
                   Binding {
                    from: AttributePath {
                     parts: [
                      Raw {
                       content: "message",
                       position: (127, 11),
                      },
                     ],
                    },
                    to: String {
                     parts: [
                      Raw {
                       content: "`nix.settings.sandbox = true` conflicts with `!security.allowUserNamespaces`.",
                       position: (127, 22),
                      },
                     ],
                     position: (127, 21),
                    },
                   },
                  ],
                  recursive: false,
                  position: (126, 9),
                 },
                ],
                position: (125, 20),
               },
              },
             ],
             recursive: false,
             position: (119, 50),
            },
           ],
          },
          position: (119, 5),
         },
         Parentheses {
          expression: FunctionApplication {
           function: Variable {
            identifier: "mkIf",
            position: (132, 6),
           },
           arguments: [
            PropertyAccess {
             expression: Variable {
              identifier: "config",
              position: (132, 11),
             },
             attribute_path: AttributePath {
              parts: [
               Raw {
                content: "security",
                position: (132, 18),
               },
               Raw {
                content: "unprivilegedUsernsClone",
                position: (132, 27),
               },
              ],
             },
             default: None,
            },
            Map {
             bindings: [
              Binding {
               from: AttributePath {
                parts: [
                 Raw {
                  content: "boot",
                  position: (133, 7),
                 },
                 Raw {
                  content: "kernel",
                  position: (133, 12),
                 },
                 Raw {
                  content: "sysctl",
                  position: (133, 19),
                 },
                 Expression {
                  ast: String {
                   parts: [
                    Raw {
                     content: "kernel.unprivileged_userns_clone",
                     position: (133, 27),
                    },
                   ],
                   position: (133, 26),
                  },
                 },
                ],
               },
               to: FunctionApplication {
                function: Variable {
                 identifier: "mkDefault",
                 position: (133, 63),
                },
                arguments: [
                 Variable {
                  identifier: "true",
                  position: (133, 73),
                 },
                ],
               },
              },
             ],
             recursive: false,
             position: (132, 51),
            },
           ],
          },
          position: (132, 5),
         },
         Parentheses {
          expression: FunctionApplication {
           function: Variable {
            identifier: "mkIf",
            position: (136, 6),
           },
           arguments: [
            PropertyAccess {
             expression: Variable {
              identifier: "config",
              position: (136, 11),
             },
             attribute_path: AttributePath {
              parts: [
               Raw {
                content: "security",
                position: (136, 18),
               },
               Raw {
                content: "protectKernelImage",
                position: (136, 27),
               },
              ],
             },
             default: None,
            },
            Map {
             bindings: [
              Binding {
               from: AttributePath {
                parts: [
                 Raw {
                  content: "boot",
                  position: (138, 7),
                 },
                 Raw {
                  content: "kernelParams",
                  position: (138, 12),
                 },
                ],
               },
               to: List {
                elements: [
                 String {
                  parts: [
                   Raw {
                    content: "nohibernate",
                    position: (138, 30),
                   },
                  ],
                  position: (138, 29),
                 },
                ],
                position: (138, 27),
               },
              },
              Binding {
               from: AttributePath {
                parts: [
                 Raw {
                  content: "boot",
                  position: (140, 7),
                 },
                 Raw {
                  content: "kernel",
                  position: (140, 12),
                 },
                 Raw {
                  content: "sysctl",
                  position: (140, 19),
                 },
                 Expression {
                  ast: String {
                   parts: [
                    Raw {
                     content: "kernel.kexec_load_disabled",
                     position: (140, 27),
                    },
                   ],
                   position: (140, 26),
                  },
                 },
                ],
               },
               to: FunctionApplication {
                function: Variable {
                 identifier: "mkDefault",
                 position: (140, 57),
                },
                arguments: [
                 Variable {
                  identifier: "true",
                  position: (140, 67),
                 },
                ],
               },
              },
             ],
             recursive: false,
             position: (136, 46),
            },
           ],
          },
          position: (136, 5),
         },
         Parentheses {
          expression: FunctionApplication {
           function: Variable {
            identifier: "mkIf",
            position: (143, 6),
           },
           arguments: [
            Parentheses {
             expression: UnaryOperation {
              operator: Not,
              operand: PropertyAccess {
               expression: Variable {
                identifier: "config",
                position: (143, 13),
               },
               attribute_path: AttributePath {
                parts: [
                 Raw {
                  content: "security",
                  position: (143, 20),
                 },
                 Raw {
                  content: "allowSimultaneousMultithreading",
                  position: (143, 29),
                 },
                ],
               },
               default: None,
              },
              position: (143, 12),
             },
             position: (143, 11),
            },
            Map {
             bindings: [
              Binding {
               from: AttributePath {
                parts: [
                 Raw {
                  content: "boot",
                  position: (144, 7),
                 },
                 Raw {
                  content: "kernelParams",
                  position: (144, 12),
                 },
                ],
               },
               to: List {
                elements: [
                 String {
                  parts: [
                   Raw {
                    content: "nosmt",
                    position: (144, 30),
                   },
                  ],
                  position: (144, 29),
                 },
                ],
                position: (144, 27),
               },
              },
             ],
             recursive: false,
             position: (143, 62),
            },
           ],
          },
          position: (143, 5),
         },
         Parentheses {
          expression: FunctionApplication {
           function: Variable {
            identifier: "mkIf",
            position: (147, 6),
           },
           arguments: [
            PropertyAccess {
             expression: Variable {
              identifier: "config",
              position: (147, 11),
             },
             attribute_path: AttributePath {
              parts: [
               Raw {
                content: "security",
                position: (147, 18),
               },
               Raw {
                content: "forcePageTableIsolation",
                position: (147, 27),
               },
              ],
             },
             default: None,
            },
            Map {
             bindings: [
              Binding {
               from: AttributePath {
                parts: [
                 Raw {
                  content: "boot",
                  position: (148, 7),
                 },
                 Raw {
                  content: "kernelParams",
                  position: (148, 12),
                 },
                ],
               },
               to: List {
                elements: [
                 String {
                  parts: [
                   Raw {
                    content: "pti=on",
                    position: (148, 30),
                   },
                  ],
                  position: (148, 29),
                 },
                ],
                position: (148, 27),
               },
              },
             ],
             recursive: false,
             position: (147, 51),
            },
           ],
          },
          position: (147, 5),
         },
         Parentheses {
          expression: FunctionApplication {
           function: Variable {
            identifier: "mkIf",
            position: (151, 6),
           },
           arguments: [
            Parentheses {
             expression: BinaryOperation {
              operator: NotEqualTo,
              operands: [
               PropertyAccess {
                expression: Variable {
                 identifier: "config",
                 position: (151, 12),
                },
                attribute_path: AttributePath {
                 parts: [
                  Raw {
                   content: "security",
                   position: (151, 19),
                  },
                  Raw {
                   content: "virtualisation",
                   position: (151, 28),
                  },
                  Raw {
                   content: "flushL1DataCache",
                   position: (151, 43),
                  },
                 ],
                },
                default: None,
               },
               Variable {
                identifier: "null",
                position: (151, 63),
               },
              ],
              position: (151, 60),
             },
             position: (151, 11),
            },
            Map {
             bindings: [
              Binding {
               from: AttributePath {
                parts: [
                 Raw {
                  content: "boot",
                  position: (152, 7),
                 },
                 Raw {
                  content: "kernelParams",
                  position: (152, 12),
                 },
                ],
               },
               to: List {
                elements: [
                 String {
                  parts: [
                   Raw {
                    content: "kvm-intel.vmentry_l1d_flush=",
                    position: (152, 30),
                   },
                   Interpolation {
                    expression: PropertyAccess {
                     expression: Variable {
                      identifier: "config",
                      position: (152, 60),
                     },
                     attribute_path: AttributePath {
                      parts: [
                       Raw {
                        content: "security",
                        position: (152, 67),
                       },
                       Raw {
                        content: "virtualisation",
                        position: (152, 76),
                       },
                       Raw {
                        content: "flushL1DataCache",
                        position: (152, 91),
                       },
                      ],
                     },
                     default: None,
                    },
                   },
                  ],
                  position: (152, 29),
                 },
                ],
                position: (152, 27),
               },
              },
             ],
             recursive: false,
             position: (151, 69),
            },
           ],
          },
          position: (151, 5),
         },
        ],
        position: (118, 20),
       },
      ],
     },
    },
   ],
   recursive: false,
   position: (5, 1),
  },
  position: (3, 1),
 },
 position: (1, 1),
}