public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

linux_*_hardened: don't set {,IO_}STRICT_DEVMEM

Browse Source 
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb66.

Note that anthraxx/linux-hardened@db1d27e10e
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
This commit is contained in:
Emily 2020-04-04 23:02:31 +01:00
parent 303bb60fb1
commit 0611462e33
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/os-specific/linux/kernel/hardened-config.nix
View File

@ -37,10 +37,6 @@ assert (versionAtLeast version "4.9");
STRICT_KERNEL_RWX = whenAtLeast "4.11" yes; STRICT_KERNEL_RWX = whenAtLeast "4.11" yes;
# Stricter /dev/mem
STRICT_DEVMEM = option yes;
IO_STRICT_DEVMEM = option yes;
# Perform additional validation of commonly targeted structures. # Perform additional validation of commonly targeted structures.
DEBUG_CREDENTIALS = yes; DEBUG_CREDENTIALS = yes;
DEBUG_NOTIFIERS = yes; DEBUG_NOTIFIERS = yes;