author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-03-08 01:01:44 +0100 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-03-08 01:01:44 +0100 |
commit | eb5a897161d4c6daf4a4fa80eca42829cc501a75 (patch) | |
tree | ae3d61a5373202c1b625b7819d6d05ae4b4ab913 /nixos | |
parent | d43578b599d4b7329fb1197118b4621eaac824c3 (diff) | |
parent | be3bd972d5f242340a28b65c31d2f16a97c59017 (diff) | |
Merge remote-tracking branch 'origin/pr/13505'
Fixes #13505.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/grsecurity.nix | 28 |
1 files changed, 6 insertions, 22 deletions
diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index 40942644868a..3aabbc8fe1bc 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -26,19 +26,12 @@ in
 '';
 };
- stable = mkOption {
- type = types.bool;
- default = false;
+ kernelPatch = mkOption {
+ type = types.attrs;
+ default = pkgs.kernelPatches.grsecurity_latest;
+ example = pkgs.kernelPatches.grsecurity_4_1;
 description = ''
- Enable the stable grsecurity patch, based on Linux 3.14.
- '';
- };
-
- testing = mkOption {
- type = types.bool;
- default = false;
- description = ''
- Enable the testing grsecurity patch, based on Linux 4.0.
+ Grsecurity patch to use.
 '';
 };
@@ -219,16 +212,7 @@ in
 config = mkIf cfg.enable {
 assertions =
- [ { assertion = cfg.stable || cfg.testing;
- message = ''
- If grsecurity is enabled, you must select either the
- stable patch (with kernel 3.14), or the testing patch (with
- kernel 4.0) to continue.
- '';
- }
- { assertion = !(cfg.stable && cfg.testing);
- message = "Select either one of the stable or testing patch";
- }
+ [
 { assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) ||
 (cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);
 message = "You cannot enable both restrictProc and restrictProcWithGroup"; |
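Review bot: `kernelPatch` is declared as `types.attrs`, so any attribute set is accepted, and the second hunk drops the assertions that forced an explicit patch choice without adding one that checks the new value. How `cfg.kernelPatch` is consumed lies outside these hunks, but if nothing there validates it, a wrong value would presumably fail late in evaluation or build a kernel without the intended hardening while `enable` is true. Consider adding an assertion beside the `restrictProc` one that checks the attributes the module actually reads from the patch; the `assertions` list continues past the end of the hunk. The description should also say what is expected, e.g. `Grsecurity patch to use, given as an attribute set from pkgs.kernelPatches.` Since the default is `grsecurity_latest`, which by its name tracks whatever nixpkgs currently ships, it is worth documenting that users who need a fixed kernel should pin a specific patch as in the `example`.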