diff options
author | Tim Steinbach <tim@nequissimus.com> | 2018-07-03 08:35:04 -0400 |
---|---|---|
committer | Tim Steinbach <tim@nequissimus.com> | 2018-07-03 08:35:37 -0400 |
commit | a4d56d0635fc372288b405c5d7d501a60d1a2512 (patch) | |
tree | 5aa78b2e9d90f1f6cae6342f23814ab924822e93 | |
parent | 37066b2aa564caf2bb884c34e4673baba6c7e855 (diff) | |
download | nixlib-a4d56d0635fc372288b405c5d7d501a60d1a2512.tar nixlib-a4d56d0635fc372288b405c5d7d501a60d1a2512.tar.gz nixlib-a4d56d0635fc372288b405c5d7d501a60d1a2512.tar.bz2 nixlib-a4d56d0635fc372288b405c5d7d501a60d1a2512.tar.lz nixlib-a4d56d0635fc372288b405c5d7d501a60d1a2512.tar.xz nixlib-a4d56d0635fc372288b405c5d7d501a60d1a2512.tar.zst nixlib-a4d56d0635fc372288b405c5d7d501a60d1a2512.zip |
linux-hardened: Adjust config for 4.17.4
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened-config.nix | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 5ae128741129..7e277617b61a 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -28,7 +28,9 @@ ${optionalString (stdenv.platform.kernelArch == "x86_64") '' # Reduce attack surface by disabling various emulations IA32_EMULATION n X86_X32 n - MODIFY_LDT_SYSCALL? n + ${optionalString (versionOlder version "4.17") '' + MODIFY_LDT_SYSCALL? n + ''} VMAP_STACK y # Catch kernel stack overflows |