diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-12-07 04:53:55 +0100 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-12-08 11:59:57 +0100 |
commit | f39d13cd3e577d546445df4bcd6cbe2905b655c1 (patch) | |
tree | 8c3d46e664baba88a4f414811706c0f52a31f828 | |
parent | 8ff31be4c24b01fabbac7aca6b7f3043932cd6be (diff) | |
download | nixlib-f39d13cd3e577d546445df4bcd6cbe2905b655c1.tar nixlib-f39d13cd3e577d546445df4bcd6cbe2905b655c1.tar.gz nixlib-f39d13cd3e577d546445df4bcd6cbe2905b655c1.tar.bz2 nixlib-f39d13cd3e577d546445df4bcd6cbe2905b655c1.tar.lz nixlib-f39d13cd3e577d546445df4bcd6cbe2905b655c1.tar.xz nixlib-f39d13cd3e577d546445df4bcd6cbe2905b655c1.tar.zst nixlib-f39d13cd3e577d546445df4bcd6cbe2905b655c1.zip |
grsecurity doc: describe work-around for gitlab
Fixes https://github.com/NixOS/nixpkgs/issues/20959
-rw-r--r-- | nixos/modules/security/grsecurity.xml | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/nixos/modules/security/grsecurity.xml b/nixos/modules/security/grsecurity.xml index 5b3e4db03a13..a7bcf4924f01 100644 --- a/nixos/modules/security/grsecurity.xml +++ b/nixos/modules/security/grsecurity.xml @@ -325,6 +325,19 @@ </programlisting> </para></listitem> + <listitem><para> + The gitlab service (<xref linkend="module-services-gitlab" />) + requires a variant of the <literal>ruby</literal> interpreter + built without `mprotect()` hardening, as in + <programlisting> + services.gitlab.packages.gitlab = pkgs.gitlab.override { + ruby = pkgs.ruby.overrideAttrs (attrs: { + postFixup = "paxmark m $out/bin/ruby"; + }); + }; + </programlisting> + </para></listitem> + </itemizedlist> </sect1> |