diff options
author | Joachim Fasting <joachifm@fastmail.fm> | 2016-05-02 07:27:29 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-05-02 11:28:06 +0200 |
commit | a69501a936a6434fbe88fb6a0423dd425563c163 (patch) | |
tree | efb7e81f8a618744a714e5a53198a84626ea20e0 /pkgs | |
parent | 7893cb1aeaa1f561d32b2bb16f0ee025a50ad484 (diff) | |
download | nixlib-a69501a936a6434fbe88fb6a0423dd425563c163.tar nixlib-a69501a936a6434fbe88fb6a0423dd425563c163.tar.gz nixlib-a69501a936a6434fbe88fb6a0423dd425563c163.tar.bz2 nixlib-a69501a936a6434fbe88fb6a0423dd425563c163.tar.lz nixlib-a69501a936a6434fbe88fb6a0423dd425563c163.tar.xz nixlib-a69501a936a6434fbe88fb6a0423dd425563c163.tar.zst nixlib-a69501a936a6434fbe88fb6a0423dd425563c163.zip |
grsecurity: ensure that PaX ELF markings are enabled
The upstream default is to enable only xattr markings, breaking the paxmarks facility.
Diffstat (limited to 'pkgs')
-rw-r--r-- | pkgs/build-support/grsecurity/default.nix | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/pkgs/build-support/grsecurity/default.nix b/pkgs/build-support/grsecurity/default.nix index 6c2e98b9cc1d..0addb1d3d457 100644 --- a/pkgs/build-support/grsecurity/default.nix +++ b/pkgs/build-support/grsecurity/default.nix @@ -90,6 +90,10 @@ let GRKERNSEC y ${grsecMainConfig} + # The paxmarks mechanism relies on ELF header markings, but the default + # grsecurity configuration only enables xattr markings + PAX_PT_PAX_FLAGS y + ${if cfg.config.restrictProc then "GRKERNSEC_PROC_USER y" else |