diff options
author | Franz Pletz <fpletz@fnordicwalking.de> | 2016-03-08 01:01:44 +0100 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-03-08 01:01:44 +0100 |
commit | eb5a897161d4c6daf4a4fa80eca42829cc501a75 (patch) | |
tree | ae3d61a5373202c1b625b7819d6d05ae4b4ab913 /pkgs/build-support | |
parent | d43578b599d4b7329fb1197118b4621eaac824c3 (diff) | |
parent | be3bd972d5f242340a28b65c31d2f16a97c59017 (diff) | |
download | nixlib-eb5a897161d4c6daf4a4fa80eca42829cc501a75.tar nixlib-eb5a897161d4c6daf4a4fa80eca42829cc501a75.tar.gz nixlib-eb5a897161d4c6daf4a4fa80eca42829cc501a75.tar.bz2 nixlib-eb5a897161d4c6daf4a4fa80eca42829cc501a75.tar.lz nixlib-eb5a897161d4c6daf4a4fa80eca42829cc501a75.tar.xz nixlib-eb5a897161d4c6daf4a4fa80eca42829cc501a75.tar.zst nixlib-eb5a897161d4c6daf4a4fa80eca42829cc501a75.zip |
Merge remote-tracking branch 'origin/pr/13505'
Fixes #13505.
Diffstat (limited to 'pkgs/build-support')
-rw-r--r-- | pkgs/build-support/grsecurity/default.nix | 25 | ||||
-rw-r--r-- | pkgs/build-support/grsecurity/flavors.nix | 25 |
2 files changed, 17 insertions, 33 deletions
diff --git a/pkgs/build-support/grsecurity/default.nix b/pkgs/build-support/grsecurity/default.nix index 841effcfca11..64cce3dbad52 100644 --- a/pkgs/build-support/grsecurity/default.nix +++ b/pkgs/build-support/grsecurity/default.nix @@ -4,8 +4,7 @@ with lib; let cfg = { - stable = grsecOptions.stable or false; - testing = grsecOptions.testing or false; + kernelPatch = grsecOptions.kernelPatch; config = { mode = "auto"; sysctl = false; @@ -22,18 +21,13 @@ let vals = rec { - mkKernel = kernel: patch: - assert patch.kversion == kernel.version; - { inherit kernel patch; - inherit (patch) grversion revision; + mkKernel = patch: + { + inherit patch; + inherit (patch) kernel patches grversion revision; }; - test-patch = with pkgs.kernelPatches; grsecurity_unstable; - stable-patch = with pkgs.kernelPatches; grsecurity_stable; - - grKernel = if cfg.stable - then mkKernel pkgs.linux_3_14 stable-patch - else mkKernel pkgs.linux_4_3 test-patch; + grKernel = mkKernel cfg.kernelPatch; ## -- grsecurity configuration --------------------------------------------- @@ -90,8 +84,8 @@ let # Disable restricting links under the testing kernel, as something # has changed causing it to fail miserably during boot. - restrictLinks = optionalString cfg.testing - "GRKERNSEC_LINK n"; + #restrictLinks = optionalString cfg.testing + # "GRKERNSEC_LINK n"; in '' GRKERNSEC y ${grsecMainConfig} @@ -109,7 +103,6 @@ let GRKERNSEC_CHROOT_CHMOD ${boolToKernOpt cfg.config.denyChrootChmod} GRKERNSEC_DENYUSB ${boolToKernOpt cfg.config.denyUSB} GRKERNSEC_NO_RBAC ${boolToKernOpt cfg.config.disableRBAC} - ${restrictLinks} ${cfg.config.kernelExtraConfig} ''; @@ -136,7 +129,7 @@ let mkGrsecKern = grkern: lowPrio (overrideDerivation (grkern.kernel.override (args: { - kernelPatches = args.kernelPatches ++ [ grkern.patch pkgs.kernelPatches.grsec_fix_path ]; + kernelPatches = args.kernelPatches ++ [ grkern.patch ] ++ grkern.patches; argsOverride = { modDirVersion = "${grkern.kernel.modDirVersion}${localver grkern}"; }; diff --git a/pkgs/build-support/grsecurity/flavors.nix b/pkgs/build-support/grsecurity/flavors.nix index 969ca579f5a6..1281d60aa328 100644 --- a/pkgs/build-support/grsecurity/flavors.nix +++ b/pkgs/build-support/grsecurity/flavors.nix @@ -1,26 +1,17 @@ let - mkOpts = ver: prio: sys: virt: swvirt: hwvirt: + mkOpts = prio: sys: virt: swvirt: hwvirt: { config.priority = prio; config.system = sys; config.virtualisationConfig = virt; config.hardwareVirtualisation = hwvirt; config.virtualisationSoftware = swvirt; - } // builtins.listToAttrs [ { name = ver; value = true; } ]; + }; in { - # Stable kernels - linux_grsec_stable_desktop = - mkOpts "stable" "performance" "desktop" "host" "kvm" true; - linux_grsec_stable_server = - mkOpts "stable" "security" "server" "host" "kvm" true; - linux_grsec_stable_server_xen = - mkOpts "stable" "security" "server" "guest" "xen" true; - - # Testing kernels - linux_grsec_testing_desktop = - mkOpts "testing" "performance" "desktop" "host" "kvm" true; - linux_grsec_testing_server = - mkOpts "testing" "security" "server" "host" "kvm" true; - linux_grsec_testing_server_xen = - mkOpts "testing" "security" "server" "guest" "xen" true; + desktop = + mkOpts "performance" "desktop" "host" "kvm" true; + server = + mkOpts "security" "server" "host" "kvm" true; + server_xen = + mkOpts "security" "server" "guest" "xen" true; } |