diff options
author | Ben Wolsieffer <benwolsieffer@gmail.com> | 2023-10-10 04:13:29 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-10-10 10:13:29 +0200 |
commit | b6876d5c8613c02177feb059e15ec6549e72e379 (patch) | |
tree | 23f869f1d6df8b17a2d930618c3999d36cc9cb77 /nixos | |
parent | 21de4a64c06cbef52ca16cb071300b74de6a15dc (diff) | |
download | nixlib-b6876d5c8613c02177feb059e15ec6549e72e379.tar nixlib-b6876d5c8613c02177feb059e15ec6549e72e379.tar.gz nixlib-b6876d5c8613c02177feb059e15ec6549e72e379.tar.bz2 nixlib-b6876d5c8613c02177feb059e15ec6549e72e379.tar.lz nixlib-b6876d5c8613c02177feb059e15ec6549e72e379.tar.xz nixlib-b6876d5c8613c02177feb059e15ec6549e72e379.tar.zst nixlib-b6876d5c8613c02177feb059e15ec6549e72e379.zip |
nixos/security/wrappers: don't force PIE hardening (#259509)
PIE causes problems with static binaries on ARM (see 76552e9). It is enabled by default on other platforms anyway when musl is used, so we don't need to specify it manually.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/security/wrappers/wrapper.nix | 1 |
1 files changed, 0 insertions, 1 deletions
diff --git a/nixos/modules/security/wrappers/wrapper.nix b/nixos/modules/security/wrappers/wrapper.nix index da2fca98d5c5..27d46c630af5 100644 --- a/nixos/modules/security/wrappers/wrapper.nix +++ b/nixos/modules/security/wrappers/wrapper.nix @@ -5,7 +5,6 @@ stdenv.mkDerivation { name = "security-wrapper"; buildInputs = [ linuxHeaders ]; dontUnpack = true; - hardeningEnable = [ "pie" ]; CFLAGS = [ ''-DSOURCE_PROG="${sourceProg}"'' ] ++ (if debug then [ |