summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--nixos/modules/security/grsecurity.xml2
-rw-r--r--pkgs/build-support/grsecurity/default.nix6
-rw-r--r--pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix3
-rw-r--r--pkgs/top-level/all-packages.nix2
4 files changed, 5 insertions, 8 deletions
diff --git a/nixos/modules/security/grsecurity.xml b/nixos/modules/security/grsecurity.xml
index 28415e89bfab..d70891544496 100644
--- a/nixos/modules/security/grsecurity.xml
+++ b/nixos/modules/security/grsecurity.xml
@@ -208,8 +208,6 @@
         let
           kernel = pkgs.linux_grsec_nixos.override {
             extraConfig = ''
-              GRKERNSEC y
-              PAX y
               GRKERNSEC_CONFIG_AUTO y
               GRKERNSEC_CONFIG_SERVER y
               GRKERNSEC_CONFIG_SECURITY y
diff --git a/pkgs/build-support/grsecurity/default.nix b/pkgs/build-support/grsecurity/default.nix
index 19aa57ccd99a..4379b1997ae2 100644
--- a/pkgs/build-support/grsecurity/default.nix
+++ b/pkgs/build-support/grsecurity/default.nix
@@ -22,7 +22,11 @@ assert (kernel.version == grsecPatch.kver);
 overrideDerivation (kernel.override {
   inherit modDirVersion;
   kernelPatches = [ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or []);
-  inherit extraConfig;
+  extraConfig = ''
+    GRKERNSEC y
+    PAX y
+    ${extraConfig}
+  '';
   ignoreConfigErrors = true;
 }) (attrs: {
   nativeBuildInputs = (lib.chooseDevOutputs [ gmp libmpc mpfr ]) ++ (attrs.nativeBuildInputs or []);
diff --git a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
index 4c81cd5b6ad0..f2bb5f994174 100644
--- a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
+++ b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
@@ -3,9 +3,6 @@
 with stdenv.lib;
 
 ''
-GRKERNSEC y
-PAX y
-
 GRKERNSEC_CONFIG_AUTO y
 GRKERNSEC_CONFIG_DESKTOP y
 GRKERNSEC_CONFIG_VIRT_HOST y
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 7c5c35abdf61..fb94053970d2 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -10955,8 +10955,6 @@ in
   # An unsupported grsec xen guest kernel
   linux_grsec_server_xen = linux_grsec_nixos.override {
     extraConfig = ''
-      GRKERNSEC y
-      PAX y
       GRKERNSEC_CONFIG_AUTO y
       GRKERNSEC_CONFIG_PRIORITY_SECURITY y
       GRKERNSEC_CONFIG_SERVER y
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-07 09:37:20 +0000