diff options
author | William A. Kennington III <william@wkennington.com> | 2015-05-15 17:38:09 -0700 |
---|---|---|
committer | William A. Kennington III <william@wkennington.com> | 2015-05-15 18:38:15 -0700 |
commit | 13a38440c6993438ec7847eb8f00ad66fb3fd946 (patch) | |
tree | 0ec64f04d8b9cc5e0741e6f8d57ba78e3c9ff849 /pkgs/os-specific | |
parent | bca69399a88c50a9220c9888f85663a449ebc5c9 (diff) | |
download | nixlib-13a38440c6993438ec7847eb8f00ad66fb3fd946.tar nixlib-13a38440c6993438ec7847eb8f00ad66fb3fd946.tar.gz nixlib-13a38440c6993438ec7847eb8f00ad66fb3fd946.tar.bz2 nixlib-13a38440c6993438ec7847eb8f00ad66fb3fd946.tar.lz nixlib-13a38440c6993438ec7847eb8f00ad66fb3fd946.tar.xz nixlib-13a38440c6993438ec7847eb8f00ad66fb3fd946.tar.zst nixlib-13a38440c6993438ec7847eb8f00ad66fb3fd946.zip |
kernel-config: Grsecurity fixes
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 16 |
1 files changed, 10 insertions, 6 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 7eb68952f302..42bf534c5002 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -234,7 +234,9 @@ with stdenv.lib; # Security related features. STRICT_DEVMEM y # Filter access to /dev/mem SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default - DEVKMEM? n # Disable /dev/kmem + ${optionalString (!features.grsecurity or true) '' + DEVKMEM n # Disable /dev/kmem + ''} ${if versionOlder version "3.14" then '' CC_STACKPROTECTOR? y # Detect buffer overflows on the stack '' else '' @@ -378,11 +380,13 @@ with stdenv.lib; # Virtualisation. PARAVIRT? y - ${if versionAtLeast version "3.10" then '' - HYPERVISOR_GUEST? y - '' else '' - PARAVIRT_GUEST? y - ''} + ${optionalString (!features.grsecurity or true) + (if versionAtLeast version "3.10" then '' + HYPERVISOR_GUEST y + '' else '' + PARAVIRT_GUEST? y + '') + } KVM_APIC_ARCHITECTURE y KVM_ASYNC_PF y ${optionalString (versionOlder version "3.7") '' |