Diffstat (limited to 'pkgs/build-support/grsecurity/default.nix')
-rw-r--r--pkgs/build-support/grsecurity/default.nix25
1 files changed, 9 insertions, 16 deletions
diff --git a/pkgs/build-support/grsecurity/default.nix b/pkgs/build-support/grsecurity/default.nix
index 841effcfca11..64cce3dbad52 100644
--- a/pkgs/build-support/grsecurity/default.nix
+++ b/pkgs/build-support/grsecurity/default.nix
@@ -4,8 +4,7 @@ with lib;
 
 let
   cfg = {
-    stable  = grsecOptions.stable  or false;
-    testing = grsecOptions.testing or false;
+    kernelPatch = grsecOptions.kernelPatch;
     config = {
       mode = "auto";
       sysctl = false;
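Review bot: `kernelPatch = grsecOptions.kernelPatch;` has no fallback, unlike the `or false` defaults it replaces, so a configuration that omits the attribute fails with a bare missing-attribute error. A guarded form such as `kernelPatch = grsecOptions.kernelPatch or (throw "grsecurity: kernelPatch must be set");` tells the user which option is missing. The `cfg` set continues past this hunk, so a default may be merged in further down; if so, a one-line comment here saying where would be enough.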
@@ -22,18 +21,13 @@ let
 
   vals = rec {
 
-    mkKernel = kernel: patch:
-      assert patch.kversion == kernel.version;
-        { inherit kernel patch;
-          inherit (patch) grversion revision;
+    mkKernel = patch:
+        {
+          inherit patch;
+          inherit (patch) kernel patches grversion revision;
         };
 
-    test-patch = with pkgs.kernelPatches; grsecurity_unstable;
-    stable-patch = with pkgs.kernelPatches; grsecurity_stable;
-
-    grKernel = if cfg.stable
-               then mkKernel pkgs.linux_3_14 stable-patch
-               else mkKernel pkgs.linux_4_3 test-patch;
+    grKernel = mkKernel cfg.kernelPatch;
 
     ## -- grsecurity configuration ---------------------------------------------
 
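Review bot: The rewritten `mkKernel` drops `assert patch.kversion == kernel.version;`, so nothing in this file now checks that the grsecurity patch matches the kernel it is applied to. Since the kernel now comes from the patch attrset, the check could be kept as `assert patch.kversion == patch.kernel.version;`, assuming the patch sets still carry `kversion`. `inherit (patch) kernel patches grversion revision;` also makes `kernel` and `patches` mandatory on every value passed as `kernelPatch`. A short comment above `mkKernel` listing the attributes it expects would make that contract visible.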
@@ -90,8 +84,8 @@ let
 
           # Disable restricting links under the testing kernel, as something
           # has changed causing it to fail miserably during boot.
-          restrictLinks = optionalString cfg.testing
-            "GRKERNSEC_LINK n";
+          #restrictLinks = optionalString cfg.testing
+          #  "GRKERNSEC_LINK n";
       in ''
         GRKERNSEC y
         ${grsecMainConfig}
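Review bot: The two `#restrictLinks` lines leave commented-out code under a comment that still says link restriction is disabled on the testing kernel, which no longer happens. Together with the removal of `${restrictLinks}` in the next hunk, `GRKERNSEC_LINK n` is never emitted, so the link-restriction setting now falls to whatever the rest of the generated config selects. If the boot failure is resolved, delete the stale comment and the dead binding outright. Otherwise the workaround needs a replacement keyed on the new `kernelPatch` rather than being silently dropped. The enclosing `let` starts outside this hunk.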
@@ -109,7 +103,6 @@ let
         GRKERNSEC_CHROOT_CHMOD ${boolToKernOpt cfg.config.denyChrootChmod}
         GRKERNSEC_DENYUSB ${boolToKernOpt cfg.config.denyUSB}
         GRKERNSEC_NO_RBAC ${boolToKernOpt cfg.config.disableRBAC}
-        ${restrictLinks}
 
         ${cfg.config.kernelExtraConfig}
       '';
@@ -136,7 +129,7 @@ let
 
     mkGrsecKern = grkern:
       lowPrio (overrideDerivation (grkern.kernel.override (args: {
-        kernelPatches = args.kernelPatches ++ [ grkern.patch pkgs.kernelPatches.grsec_fix_path ];
+        kernelPatches = args.kernelPatches ++ [ grkern.patch  ] ++ grkern.patches;
         argsOverride = {
           modDirVersion = "${grkern.kernel.modDirVersion}${localver grkern}";
         };
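Review bot: `pkgs.kernelPatches.grsec_fix_path` used to be appended unconditionally and is now applied only if the caller's `grkern.patches` includes it; this file cannot show whether every patch set does. If the fix is still needed for all grsecurity kernels, keep it here, e.g. `kernelPatches = args.kernelPatches ++ [ grkern.patch pkgs.kernelPatches.grsec_fix_path ] ++ grkern.patches;`, or document on `mkKernel` that `patches` must carry it. Minor style point: there is a stray double space in `[ grkern.patch  ]`. The `mkGrsecKern` body continues past the end of the hunk.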