diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2018-04-29 12:00:16 +0200 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2018-04-29 12:17:24 +0200 |
| commit | 33615ccfa5a7c324a694f630f0b48fba8d40f9ba (patch) | |
| tree | faf3faf7d9c7ff5f367b9a8da1f017c3a17d36fa /pkgs/os-specific | |
| parent | cbc3afc655c9b3cf53833044fb49bda08f428dc2 (diff) | |
| download | nixlib-33615ccfa5a7c324a694f630f0b48fba8d40f9ba.tar nixlib-33615ccfa5a7c324a694f630f0b48fba8d40f9ba.tar.gz nixlib-33615ccfa5a7c324a694f630f0b48fba8d40f9ba.tar.bz2 nixlib-33615ccfa5a7c324a694f630f0b48fba8d40f9ba.tar.lz nixlib-33615ccfa5a7c324a694f630f0b48fba8d40f9ba.tar.xz nixlib-33615ccfa5a7c324a694f630f0b48fba8d40f9ba.tar.zst nixlib-33615ccfa5a7c324a694f630f0b48fba8d40f9ba.zip | |
linux_hardened: enforce usercopy whitelisting
The default is to warn only
Diffstat (limited to 'pkgs/os-specific')
| -rw-r--r-- | pkgs/os-specific/linux/kernel/hardened-config.nix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 3a82c00c5010..a00ba9ab7b8e 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -78,6 +78,9 @@ ${optionalString (versionAtLeast version "4.13") '' # Perform usercopy bounds checking. HARDENED_USERCOPY y +${optionalString (versionAtLeast version "4.16") '' + HARDENED_USERCOPY_FALLBACK n +''} # Randomize allocator freelists. SLAB_FREELIST_RANDOM y |