author | tg(x) <*@tg-x.net> | 2016-02-28 04:10:59 +0100 |
---|---|---|
committer | tg(x) <*@tg-x.net> | 2016-02-28 04:10:59 +0100 |
commit | 38614d3f6ac0a071e4d9e4ee0a6faa1d517c3b95 (patch) | |
tree | 90fc9e43017f4697faaf0c2f98a7d07e9cac8c02 /pkgs/build-support | |
parent | 4e3d6d3e90de85b610290af60ba374da20a2cc69 (diff) | |
grsecurity: use kernel version instead of testing / stable
Diffstat (limited to 'pkgs/build-support')
-rw-r--r-- | pkgs/build-support/grsecurity/default.nix | 15 | ||||
-rw-r--r-- | pkgs/build-support/grsecurity/flavors.nix | 25 |
2 files changed, 12 insertions, 28 deletions
diff --git a/pkgs/build-support/grsecurity/default.nix b/pkgs/build-support/grsecurity/default.nix
index 4a395d464590..64cce3dbad52 100644
--- a/pkgs/build-support/grsecurity/default.nix
+++ b/pkgs/build-support/grsecurity/default.nix
@@ -4,8 +4,7 @@ with lib;
 let
 cfg = {
- stable = grsecOptions.stable or false;
- testing = grsecOptions.testing or false;
+ kernelPatch = grsecOptions.kernelPatch;
 config = {
 mode = "auto";
 sysctl = false;
@@ -28,12 +27,7 @@ let
 inherit (patch) kernel patches grversion revision;
 };
- test-patch = with pkgs.kernelPatches; grsecurity_testing;
- stable-patch = with pkgs.kernelPatches; grsecurity_stable;
-
- grKernel = if cfg.stable
- then mkKernel stable-patch
- else mkKernel test-patch;
+ grKernel = mkKernel cfg.kernelPatch;
 ## -- grsecurity configuration ---------------------------------------------
@@ -90,8 +84,8 @@ let
 # Disable restricting links under the testing kernel, as something
 # has changed causing it to fail miserably during boot.
- restrictLinks = optionalString cfg.testing
- "GRKERNSEC_LINK n";
+ #restrictLinks = optionalString cfg.testing
+ # "GRKERNSEC_LINK n";
 in ''
 GRKERNSEC y
 ${grsecMainConfig}
@@ -109,7 +103,6 @@ let
 GRKERNSEC_CHROOT_CHMOD ${boolToKernOpt cfg.config.denyChrootChmod}
 GRKERNSEC_DENYUSB ${boolToKernOpt cfg.config.denyUSB}
 GRKERNSEC_NO_RBAC ${boolToKernOpt cfg.config.disableRBAC}
- ${restrictLinks}
 ${cfg.config.kernelExtraConfig}
 '';
diff --git a/pkgs/build-support/grsecurity/flavors.nix b/pkgs/build-support/grsecurity/flavors.nix
index 969ca579f5a6..1281d60aa328 100644
--- a/pkgs/build-support/grsecurity/flavors.nix
+++ b/pkgs/build-support/grsecurity/flavors.nix
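Review bot: In default.nix, `kernelPatch = grsecOptions.kernelPatch;` has no fallback, unlike the `or false` lines it replaces, so a caller that omits the attribute gets a bare missing-attribute evaluation error. Failing is the right outcome for a setting that decides which hardened kernel is built, but the message should say what is expected, for example `kernelPatch = grsecOptions.kernelPatch or (throw "grsecurity: grsecOptions.kernelPatch must be set");`. The `grKernel = mkKernel cfg.kernelPatch;` line in the second hunk depends on the same attribute. A caller that still passes `stable = true` or `testing = true` appears to have that choice ignored by the visible `cfg`, though the `let` block continues outside these hunks and how `cfg` is combined with `grsecOptions` cannot be seen here.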
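Review bot: In the third hunk of default.nix the `restrictLinks` workaround is left behind as commented-out code, under a comment that still says link restriction is disabled "under the testing kernel", which no longer describes what is built. With the `${restrictLinks}` line removed in the last hunk, `GRKERNSEC_LINK n` is never emitted, so link restrictions now follow whatever the rest of the generated config selects. That is presumably the stricter setting, but the commit does not say whether the boot failure the comment describes has gone away. I would delete the two commented lines and replace the comment with one that records the decision, e.g. `# GRKERNSEC_LINK is no longer forced off; set it through kernelExtraConfig if a kernel fails to boot with it.`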
@@ -1,26 +1,17 @@
 let
- mkOpts = ver: prio: sys: virt: swvirt: hwvirt:
+ mkOpts = prio: sys: virt: swvirt: hwvirt:
 { config.priority = prio;
 config.system = sys;
 config.virtualisationConfig = virt;
 config.hardwareVirtualisation = hwvirt;
 config.virtualisationSoftware = swvirt;
- } // builtins.listToAttrs [ { name = ver; value = true; } ];
+ };
 in
 {
- # Stable kernels
- linux_grsec_stable_desktop =
- mkOpts "stable" "performance" "desktop" "host" "kvm" true;
- linux_grsec_stable_server =
- mkOpts "stable" "security" "server" "host" "kvm" true;
- linux_grsec_stable_server_xen =
- mkOpts "stable" "security" "server" "guest" "xen" true;
-
- # Testing kernels
- linux_grsec_testing_desktop =
- mkOpts "testing" "performance" "desktop" "host" "kvm" true;
- linux_grsec_testing_server =
- mkOpts "testing" "security" "server" "host" "kvm" true;
- linux_grsec_testing_server_xen =
- mkOpts "testing" "security" "server" "guest" "xen" true;
+ desktop =
+ mkOpts "performance" "desktop" "host" "kvm" true;
+ server =
+ mkOpts "security" "server" "host" "kvm" true;
+ server_xen =
+ mkOpts "security" "server" "guest" "xen" true;
 } |
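Review bot: The attribute sets returned by `mkOpts` in flavors.nix no longer carry anything that selects a kernel, so `desktop`, `server` and `server_xen` are incomplete on their own. The caller has to add `kernelPatch`, which default.nix now reads without a fallback. Nothing in flavors.nix says so; a comment above `mkOpts` such as `# Flavors set only config.*; callers must add kernelPatch before passing the result on.` would make the contract explicit. The old `linux_grsec_*` attribute names are removed as well, and since the diffstat is limited to pkgs/build-support, whether every user of those names was updated cannot be checked from this page.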