author | Graham Christensen <graham@grahamc.com> | 2020-03-14 09:20:58 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-03-14 09:20:58 -0400 |
commit | 244178e16676dfa3ddfa5e7596b4ddba20410bc4 (patch) | |
tree | f18352589e799bec030472a8c1e3e66cf166ef2f | |
parent | 17a0f62bed6ebf44c101f0de1bffeceae4bea40c (diff) | |
parent | b628400f5e70c361cc74e6a5c1d041f6a2189e5f (diff) | |
Merge pull request #82006 from emilazy/enable-linux-hardened-ia32-emulation
linuxPackages_{,_latest,_testing}_hardened: enable 32-bit emulation
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened-config.nix | 3 | ||||
-rw-r--r-- | pkgs/top-level/all-packages.nix | 1 |
2 files changed, 1 insertions, 3 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index b28ce770f7a9..3010d87a178a 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -19,8 +19,7 @@ assert (versionAtLeast version "4.9"); optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { DEFAULT_MMAP_MIN_ADDR = freeform "65536"; # Prevent allocation of first 64K of memory - # Reduce attack surface by disabling various emulations - IA32_EMULATION = no; + # Reduce attack surface by disabling X32 X86_X32 = no; # Note: this config depends on EXPERT y and so will not take effect, hence # it is left "optional" for now. diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index a22bf3e92017..c30bc270ad47 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -16860,7 +16860,6 @@ in # Hardened linux hardenedLinuxPackagesFor = kernel: linuxPackagesFor (kernel.override { - features.ia32Emulation = false; structuredExtraConfig = import ../os-specific/linux/kernel/hardened-config.nix { inherit stdenv; inherit (kernel) version; |
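Review bot: After this change the x86_64 block in hardened-config.nix no longer mentions IA32_EMULATION at all, so a reader cannot tell that leaving the 32-bit compat syscall paths reachable on the hardened kernels is a deliberate trade-off rather than an oversight. I would record the decision beside `X86_X32 = no;`, for example `# IA32_EMULATION is deliberately left at the kernel default so 32-bit userspace keeps working; this keeps the compat syscall entry points exposed.` The stated reason is taken from the commit title, and the resulting value presumably follows the base kernel config, which is not visible here. The same applies to the removal of `features.ia32Emulation = false;` in the all-packages.nix hunk. The optionalAttrs block continues outside the hunk, so the remaining comment about EXPERT could not be checked against the option it describes.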