diff options
| author | Alexander Kjeldaas <ak@formalprivacy.com> | 2014-11-01 01:07:06 +0100 |
|---|---|---|
| committer | Franz Pletz <fpletz@fnordicwalking.de> | 2016-06-03 15:41:47 +0200 |
| commit | 4c99d22f19d329fe102d89c838134d75f1bf35a2 (patch) | |
| tree | 4c60b556cea4f0d04a82d8280805d88253bed555 /pkgs/os-specific | |
| parent | 4c5fdf42ed3612db4532bc2259dd3f7c6847e077 (diff) | |
| download | nixlib-4c99d22f19d329fe102d89c838134d75f1bf35a2.tar nixlib-4c99d22f19d329fe102d89c838134d75f1bf35a2.tar.gz nixlib-4c99d22f19d329fe102d89c838134d75f1bf35a2.tar.bz2 nixlib-4c99d22f19d329fe102d89c838134d75f1bf35a2.tar.lz nixlib-4c99d22f19d329fe102d89c838134d75f1bf35a2.tar.xz nixlib-4c99d22f19d329fe102d89c838134d75f1bf35a2.tar.zst nixlib-4c99d22f19d329fe102d89c838134d75f1bf35a2.zip | |
kernel: set nx bit on module ro segments
Fixes #4757.
Diffstat (limited to 'pkgs/os-specific')
| -rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 485cdd76f6ac..3ce65a3f6e18 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -255,6 +255,9 @@ with stdenv.lib; SQUASHFS_LZ4 y ''} + # Runtime security tests + DEBUG_SET_MODULE_RONX? y # Detect writes to read-only module pages + # Security related features. STRICT_DEVMEM y # Filter access to /dev/mem SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default |