diff options
author | Tim Steinbach <tim@nequissimus.com> | 2018-01-11 08:30:19 -0500 |
---|---|---|
committer | Tim Steinbach <tim@nequissimus.com> | 2018-01-11 08:30:19 -0500 |
commit | eb0ecd7eba1ac82b9bfe5c8c4bf9931d7d9eccda (patch) | |
tree | 35692797f9a962e6c72392e3ec64a9e9498d5157 | |
parent | b5b6656c87b53180523ef9b39d0edb3461841374 (diff) | |
download | nixlib-eb0ecd7eba1ac82b9bfe5c8c4bf9931d7d9eccda.tar nixlib-eb0ecd7eba1ac82b9bfe5c8c4bf9931d7d9eccda.tar.gz nixlib-eb0ecd7eba1ac82b9bfe5c8c4bf9931d7d9eccda.tar.bz2 nixlib-eb0ecd7eba1ac82b9bfe5c8c4bf9931d7d9eccda.tar.lz nixlib-eb0ecd7eba1ac82b9bfe5c8c4bf9931d7d9eccda.tar.xz nixlib-eb0ecd7eba1ac82b9bfe5c8c4bf9931d7d9eccda.tar.zst nixlib-eb0ecd7eba1ac82b9bfe5c8c4bf9931d7d9eccda.zip |
linux-copperhead: 4.14.12.a -> 4.14.13.a
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened-config.nix | 4 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix | 4 |
3 files changed, 5 insertions, 5 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 5fc22736d7f4..24ae1967570b 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -343,7 +343,7 @@ with stdenv.lib; # Security related features. RANDOMIZE_BASE? y - STRICT_DEVMEM y # Filter access to /dev/mem + STRICT_DEVMEM? y # Filter access to /dev/mem SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default SECURITY_YAMA? y # Prevent processes from ptracing non-children processes DEVKMEM n # Disable /dev/kmem diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index b7959f9d3599..3a82c00c5010 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -61,8 +61,8 @@ ${optionalString (versionAtLeast version "4.12") '' DEBUG_WX y # boot-time warning on RWX mappings # Stricter /dev/mem -STRICT_DEVMEM y -IO_STRICT_DEVMEM y +STRICT_DEVMEM? y +IO_STRICT_DEVMEM? y # Perform additional validation of commonly targeted structures. DEBUG_CREDENTIALS y diff --git a/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix b/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix index 5f4a5d5adb59..1ccc152bb289 100644 --- a/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix +++ b/pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix @@ -3,9 +3,9 @@ with stdenv.lib; let - version = "4.14.12"; + version = "4.14.13"; revision = "a"; - sha256 = "002a3c177fix472wqc89zrpfzwk60l7dn76l869ivgnd60n6wqb2"; + sha256 = "08fvb1lllb0xkckw2y66g0j5z88kp877r51jj3kksfkvjfibjr0j"; # modVersion needs to be x.y.z, will automatically add .0 if needed modVersion = concatStrings (intersperse "." (take 3 (splitString "." "${version}.0"))); |