diff options
author | Austin Seipp <aseipp@pobox.com> | 2014-06-22 22:28:32 -0500 |
---|---|---|
committer | Austin Seipp <aseipp@pobox.com> | 2014-06-22 22:29:10 -0500 |
commit | 0399c5ee24fb0caa5c81be40456636dddfe7692a (patch) | |
tree | 94a7d9c02de84d80d4318f94b59d88794ca200b0 /nixos/modules | |
parent | 125c2b946833687b01cdef36f2d638d242d646b0 (diff) | |
download | nixlib-0399c5ee24fb0caa5c81be40456636dddfe7692a.tar nixlib-0399c5ee24fb0caa5c81be40456636dddfe7692a.tar.gz nixlib-0399c5ee24fb0caa5c81be40456636dddfe7692a.tar.bz2 nixlib-0399c5ee24fb0caa5c81be40456636dddfe7692a.tar.lz nixlib-0399c5ee24fb0caa5c81be40456636dddfe7692a.tar.xz nixlib-0399c5ee24fb0caa5c81be40456636dddfe7692a.tar.zst nixlib-0399c5ee24fb0caa5c81be40456636dddfe7692a.zip |
grsecurity: update stable/testing kernels, refactoring
This updates the new stable kernel to 3.14, and the new testing kernel to 3.15. This also removes the vserver kernel, since it's probably not nearly as used. Signed-off-by: Austin Seipp <aseipp@pobox.com>
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/security/grsecurity.nix | 21 |
1 files changed, 4 insertions, 17 deletions
diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix index f4af04247fe9..3bd58218c99d 100644 --- a/nixos/modules/security/grsecurity.nix +++ b/nixos/modules/security/grsecurity.nix @@ -6,12 +6,10 @@ let cfg = config.security.grsecurity; customGrsecPkg = - (import ../../../pkgs/build-support/grsecurity - { - inherit lib pkgs; - grsecOptions = cfg; - } - ).grsecPackage; + (import ../../../pkgs/build-support/grsecurity { + grsecOptions = cfg; + inherit pkgs lib; + }).grsecPackage; in { options = { @@ -36,14 +34,6 @@ in ''; }; - vserver = mkOption { - type = types.bool; - default = false; - description = '' - Enable the stable grsecurity/vserver patches, based on Linux 3.2. - ''; - }; - testing = mkOption { type = types.bool; default = false; @@ -246,9 +236,6 @@ in both. ''; } - { assertion = (cfg.testing -> !cfg.vserver); - message = "The vserver patches are only supported in the stable kernel."; - } { assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) || (cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc); message = "You cannot enable both restrictProc and restrictProcWithGroup"; |