authorJoachim Fasting <joachifm@fastmail.fm>2016-11-20 21:54:38 +0100
committerJoachim Fasting <joachifm@fastmail.fm>2016-11-20 23:00:41 +0100
commit98935c7103927690b4ca366a2763140081615794 (patch)
treeef136374b4a882bac5fd48b7edbaced150830737 /nixos
parent5ad8a56d1621b7678d61c0def9c621a5e64b0eb3 (diff)
grsecurity module: remove requiredKernelConfig
Using a custom package set with the NixOS module is no longer
something I wish to support.  It's still *possible* but not
advertised.  Secondly, the requiredKernelConfig didn't really
do anything (setting kernelPackages to a non-grsec kernel would
just silently let the user boot into a non-grsec setup ...).
Diffstat (limited to 'nixos')
-rw-r--r--nixos/modules/security/grsecurity.nix10
-rw-r--r--nixos/modules/security/grsecurity.xml8
2 files changed, 3 insertions, 15 deletions
diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index 155bbea8c6e6..c37bcb70d9d2 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -65,20 +65,10 @@ in
 
   config = mkIf cfg.enable {
 
-    # Allow the user to select a different package set, subject to the stated
-    # required kernel config
     boot.kernelPackages = mkDefault pkgs.linuxPackages_grsec_nixos;
 
     boot.kernelParams = optional cfg.disableEfiRuntimeServices "noefi";
 
-    system.requiredKernelConfig = with config.lib.kernelConfig;
-      [ (isEnabled "GRKERNSEC")
-        (isEnabled "PAX")
-        (isYes "GRKERNSEC_SYSCTL")
-        (isYes "GRKERNSEC_SYSCTL_DISTRO")
-        (isNo "GRKERNSEC_NO_RBAC")
-      ];
-
     nixpkgs.config.grsecurity = true;
 
     # Install PaX related utillities into the system profile.
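Review bot: After this change the `mkDefault` on `boot.kernelPackages` is left with no explanation and no check, so a configuration that sets `boot.kernelPackages` elsewhere still evaluates with `cfg.enable` true and, as the commit message itself notes, boots a kernel without grsecurity. Since the override is meant to stay possible but unsupported, the line should carry a comment that says so, for example `# mkDefault: overriding is possible but unsupported; nothing verifies that the selected kernel is grsecurity-enabled.` Without it, a reader of the new code has no indication that enabling the module does not guarantee the hardened kernel is the one in use. The `config = mkIf cfg.enable { ... }` block continues past the end of this hunk, so settings further down may also assume the default kernel.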
diff --git a/nixos/modules/security/grsecurity.xml b/nixos/modules/security/grsecurity.xml
index 37314bdba8a5..6f9884336b1e 100644
--- a/nixos/modules/security/grsecurity.xml
+++ b/nixos/modules/security/grsecurity.xml
@@ -225,11 +225,9 @@
   </para>
 
   <para>
-    The NixOS module makes several assumptions about the kernel and so may be
-    incompatible with your customised kernel.  Most of these assumptions are
-    encoded as assertions &#x2014; mismatches should ideally result in a build
-    failure.  Currently, the only way to work around incompatibilities is to
-    eschew the NixOS module and do all configuration yourself.
+    The NixOS module makes several assumptions about the kernel and so
+    may be incompatible with your customised kernel. Currently, the only way
+    to work around incompatibilities is to eschew the NixOS module.
   </para>
 
   </sect1>