diff options
| author | Emily <vcs@emily.moe> | 2020-04-04 22:58:45 +0100 |
|---|---|---|
| committer | Emily <vcs@emily.moe> | 2020-04-17 16:13:39 +0100 |
| commit | db6b3275086f2d27d5d419af7f6025cf1fc70d65 (patch) | |
| tree | 55e1b223e5782b17de98ace47f8f7db638ec9d3f /pkgs | |
| parent | 130f6812be4a3ea5ea7ed5403f1741bf8ffe1e19 (diff) | |
| download | nixlib-db6b3275086f2d27d5d419af7f6025cf1fc70d65.tar nixlib-db6b3275086f2d27d5d419af7f6025cf1fc70d65.tar.gz nixlib-db6b3275086f2d27d5d419af7f6025cf1fc70d65.tar.bz2 nixlib-db6b3275086f2d27d5d419af7f6025cf1fc70d65.tar.lz nixlib-db6b3275086f2d27d5d419af7f6025cf1fc70d65.tar.xz nixlib-db6b3275086f2d27d5d419af7f6025cf1fc70d65.tar.zst nixlib-db6b3275086f2d27d5d419af7f6025cf1fc70d65.zip | |
linux_*_hardened: don't set LEGACY_VSYSCALL_NONE
Upstreamed in anthraxx/linux-hardened@d300b0fdad706daab3a36a8d23b35ebe03c3fc87.
Diffstat (limited to 'pkgs')
| -rw-r--r-- | pkgs/os-specific/linux/kernel/hardened-config.nix | 9 |
1 files changed, 1 insertions, 8 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 50bc120ff0fd..589dc50892ac 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -16,14 +16,7 @@ with (stdenv.lib.kernel.whenHelpers version); assert (versionAtLeast version "4.9"); -optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { - # Disable legacy virtual syscalls by default (modern glibc use vDSO instead). - # - # Note that the vanilla default is to *emulate* the legacy vsyscall mechanism, - # which is supposed to be safer than the native variant (wrt. ret2libc), so - # disabling it mainly helps reduce surface. - LEGACY_VSYSCALL_NONE = yes; -} // { +{ # Report BUG() conditions and kill the offending process. BUG = yes; |