diff options
| author | Emily <vcs@emily.moe> | 2020-04-05 05:24:02 +0100 |
|---|---|---|
| committer | Emily <vcs@emily.moe> | 2020-04-17 16:13:39 +0100 |
| commit | 7d5352df311dec624fed63d6988f9ac999547769 (patch) | |
| tree | 50593a3f0511a69c33605904be72e208b8349c16 /pkgs/os-specific | |
| parent | 0d4f35efd4f905b322cd232e9740ce18f04270a0 (diff) | |
| download | nixlib-7d5352df311dec624fed63d6988f9ac999547769.tar nixlib-7d5352df311dec624fed63d6988f9ac999547769.tar.gz nixlib-7d5352df311dec624fed63d6988f9ac999547769.tar.bz2 nixlib-7d5352df311dec624fed63d6988f9ac999547769.tar.lz nixlib-7d5352df311dec624fed63d6988f9ac999547769.tar.xz nixlib-7d5352df311dec624fed63d6988f9ac999547769.tar.zst nixlib-7d5352df311dec624fed63d6988f9ac999547769.zip | |
linux_*_hardened: don't set X86_X32
As far as I can tell, this has never defaulted to on upstream, and our common kernel configuration doesn't turn it on, so the attack surface reduction here is somewhat homeopathic.
Diffstat (limited to 'pkgs/os-specific')
| -rw-r--r-- | pkgs/os-specific/linux/kernel/hardened-config.nix | 2 |
1 files changed, 0 insertions, 2 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 3010d87a178a..7e6f514e19f5 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -19,8 +19,6 @@ assert (versionAtLeast version "4.9"); optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { DEFAULT_MMAP_MIN_ADDR = freeform "65536"; # Prevent allocation of first 64K of memory - # Reduce attack surface by disabling X32 - X86_X32 = no; # Note: this config depends on EXPERT y and so will not take effect, hence # it is left "optional" for now. MODIFY_LDT_SYSCALL = option no; |