From 00ab8e84c672fbf4b9a97ddc3ff94863ac7f14b8 Mon Sep 17 00:00:00 2001
From: Franz Pletz <fpletz@fnordicwalking.de>
Date: Fri, 20 Jan 2017 17:46:44 +0100
Subject: [PATCH] doc: improve hardening docs

Fixes #18887.
---
 doc/stdenv.xml | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/doc/stdenv.xml b/doc/stdenv.xml
index 68441ea9393..44a0e4601fc 100644
--- a/doc/stdenv.xml
+++ b/doc/stdenv.xml
@@ -1401,8 +1401,15 @@ These can be toggled using the <varname>stdenv.mkDerivation</varname> parameters
 <varname>hardeningDisable</varname> and <varname>hardeningEnable</varname>.
 </para>
 
-<para>The following flags are enabled by default and might require disabling
-if the program to package is incompatible.
+<para>
+Both parameters take a list of flags as strings. The special
+<varname>"all"</varname> flag can be passed to <varname>hardeningDisable</varname>
+to turn off all hardening. These flags can also be used as environment variables
+for testing or development purposes.
+</para>
+
+<para>The following flags are enabled by default and might require disabling with
+<varname>hardeningDisable</varname> if the program to package is incompatible.
 </para>
 
 <variablelist>
@@ -1563,7 +1570,8 @@ intel_drv.so: undefined symbol: vgaHWFreeHWRec
 </variablelist>
 
 <para>The following flags are disabled by default and should be enabled
-for packages that take untrusted input, like network services.
+with <varname>hardeningEnable</varname> for packages that take untrusted
+input like network services.
 </para>
 
 <variablelist>