authorAustin Seipp <aseipp@pobox.com>2014-06-22 22:28:32 -0500
committerAustin Seipp <aseipp@pobox.com>2014-06-22 22:29:10 -0500
commit0399c5ee24fb0caa5c81be40456636dddfe7692a (patch)
tree94a7d9c02de84d80d4318f94b59d88794ca200b0
parent125c2b946833687b01cdef36f2d638d242d646b0 (diff)
grsecurity: update stable/testing kernels, refactoring
This updates the new stable kernel to 3.14, and the new testing kernel
to 3.15.

This also removes the vserver kernel, since it's probably not nearly as
widely used.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
-rw-r--r--nixos/modules/security/grsecurity.nix21
-rw-r--r--pkgs/build-support/grsecurity/default.nix10
-rw-r--r--pkgs/build-support/grsecurity/flavors.nix8
-rw-r--r--pkgs/os-specific/linux/kernel/patches.nix19
-rw-r--r--pkgs/top-level/all-packages.nix8
5 files changed, 15 insertions, 51 deletions
diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index f4af04247fe9..3bd58218c99d 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -6,12 +6,10 @@ let
   cfg = config.security.grsecurity;
 
   customGrsecPkg =
-    (import ../../../pkgs/build-support/grsecurity
-      {
-        inherit lib pkgs;
-        grsecOptions = cfg;
-      }
-    ).grsecPackage;
+    (import ../../../pkgs/build-support/grsecurity {
+      grsecOptions = cfg;
+      inherit pkgs lib;
+    }).grsecPackage;
 in
 {
   options = {
@@ -36,14 +34,6 @@ in
         '';
       };
 
-      vserver = mkOption {
-        type = types.bool;
-        default = false;
-        description = ''
-          Enable the stable grsecurity/vserver patches, based on Linux 3.2.
-        '';
-      };
-
       testing = mkOption {
         type = types.bool;
         default = false;
@@ -246,9 +236,6 @@ in
             both.
           '';
         }
-        { assertion = (cfg.testing -> !cfg.vserver);
-          message   = "The vserver patches are only supported in the stable kernel.";
-        }
         { assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) ||
                       (cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);
           message   = "You cannot enable both restrictProc and restrictProcWithGroup";
diff --git a/pkgs/build-support/grsecurity/default.nix b/pkgs/build-support/grsecurity/default.nix
index a9c60a2afbd0..e66b348d082a 100644
--- a/pkgs/build-support/grsecurity/default.nix
+++ b/pkgs/build-support/grsecurity/default.nix
@@ -5,7 +5,6 @@ with lib;
 let
   cfg = {
     stable  = grsecOptions.stable  or false;
-    vserver = grsecOptions.vserver or false;
     testing = grsecOptions.testing or false;
     config = {
       mode = "auto";
@@ -29,12 +28,11 @@ let
         };
 
     test-patch = with pkgs.kernelPatches; grsecurity_unstable;
-    stable-patch = with pkgs.kernelPatches;
-      if cfg.vserver then grsecurity_vserver else grsecurity_stable;
+    stable-patch = with pkgs.kernelPatches; grsecurity_stable;
 
-    grKernel = if (cfg.stable || cfg.vserver)
-               then mkKernel pkgs.linux_3_2  stable-patch
-               else mkKernel pkgs.linux_3_14 test-patch;
+    grKernel = if cfg.stable
+               then mkKernel pkgs.linux_3_14 stable-patch
+               else mkKernel pkgs.linux_3_15 test-patch;
 
     ## -- grsecurity configuration ---------------------------------------------
 
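Review bot: The rewritten `grKernel` conditional still falls through to the testing kernel whenever `cfg.stable` is false, without consulting `cfg.testing`; both flags default to false via `or false` at the top of this file, so a caller that sets neither gets `linux_3_15` with the test patch rather than an error. The NixOS module may guard this with its own assertions, but those are not fully visible here and would not cover direct users of this builder. Consider making the choice explicit: `else if cfg.testing then mkKernel pkgs.linux_3_15 test-patch else throw "grsecurity: set either stable or testing";`. Separately, a comment such as `# pkgs.linux_3_14 / pkgs.linux_3_15 must match the kversion pinned for grsecurity_stable / grsecurity_unstable in patches.nix` would help, since nothing in this hunk ties the base kernel to the patch's point release. The enclosing `let` block starts and ends outside the hunk.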
diff --git a/pkgs/build-support/grsecurity/flavors.nix b/pkgs/build-support/grsecurity/flavors.nix
index 57d52e7cf943..969ca579f5a6 100644
--- a/pkgs/build-support/grsecurity/flavors.nix
+++ b/pkgs/build-support/grsecurity/flavors.nix
@@ -16,12 +16,6 @@ in
   linux_grsec_stable_server_xen =
     mkOpts "stable" "security" "server" "guest" "xen" true;
 
-  # Stable+vserver kernels - server versions only
-  linux_grsec_vserver_server  =
-    mkOpts "vserver" "security" "server" "host" "kvm" true;
-  linux_grsec_vserver_server_xen =
-    mkOpts "vserver" "security" "server" "guest" "xen" true;
-
   # Testing kernels
   linux_grsec_testing_desktop =
     mkOpts "testing" "performance" "desktop" "host" "kvm" true;
@@ -29,4 +23,4 @@ in
     mkOpts "testing" "security" "server" "host" "kvm" true;
   linux_grsec_testing_server_xen =
     mkOpts "testing" "security" "server" "guest" "xen" true;
-}
\ No newline at end of file
+}
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 9f62042d09c8..eb4d7a100be9 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -60,24 +60,17 @@ rec {
   };
 
   grsecurity_stable = grsecPatch
-    { kversion  = "3.2.60";
-      revision  = "201406191345";
+    { kversion  = "3.14.8";
+      revision  = "201406222110";
       branch    = "stable";
-      sha256    = "1zb2qxh2qhsrqi4gnslr3b6342ni9c6y20gb8jgh5plhnk5szx7v";
-    };
-
-  grsecurity_vserver = grsecPatch
-    { kversion  = "3.2.60";
-      revision  = "vs2.3.2.16-201406191346";
-      branch    = "vserver";
-      sha256    = "0qlbqpnh5wkgk8phh67bl4a25rb8n1k1hlq0kmcrnz6c3kflrsdz";
+      sha256    = "0jar710hqpjkp4g3ldrbcpgc170v9qp8ykajq5fi8mxx4j54gjwa";
     };
 
   grsecurity_unstable = grsecPatch
-    { kversion  = "3.14.8";
-      revision  = "201406191347";
+    { kversion  = "3.15.1";
+      revision  = "201406222112";
       branch    = "test";
-      sha256    = "01kl89vhr3mrp7g4ypcf9xrv0i4f9d4sdq4a11qhwyf1w48qr7da";
+      sha256    = "04sbpmzgfgn7hjiln9baynpgr7k67lm0b5wn2z8i2jsjigfmv0r4";
     };
 
   grsec_fix_path =
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 782443c13b62..a50cf7d92a00 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -7285,10 +7285,6 @@ let
   linux_grsec_stable_server     = grKernel grFlavors.linux_grsec_stable_server;
   linux_grsec_stable_server_xen = grKernel grFlavors.linux_grsec_stable_server_xen;
 
-  # Stable+vserver kernels - server versions only
-  #linux_grsec_vserver_server     = grKernel grFlavors.linux_grsec_vserver_server;
-  #linux_grsec_vserver_server_xen = grKernel grFlavors.linux_grsec_vserver_server_xen;
-
   # Testing kernels
   linux_grsec_testing_desktop = grKernel grFlavors.linux_grsec_testing_desktop;
   linux_grsec_testing_server  = grKernel grFlavors.linux_grsec_testing_server;
@@ -7408,10 +7404,6 @@ let
   linuxPackages_grsec_stable_server     = grPackage grFlavors.linux_grsec_stable_server;
   linuxPackages_grsec_stable_server_xen = grPackage grFlavors.linux_grsec_stable_server_xen;
 
-  # Stable+vserver kernels - server versions only
-  #linuxPackages_grsec_vserver_server     = grPackage grFlavors.linux_grsec_vserver_server;
-  #linuxPackages_grsec_vserver_server_xen = grPackage grFlavors.linux_grsec_vserver_server_xen;
-
   # Testing kernels
   linuxPackages_grsec_testing_desktop = grPackage grFlavors.linux_grsec_testing_desktop;
   linuxPackages_grsec_testing_server  = grPackage grFlavors.linux_grsec_testing_server;