From 130f6812be4a3ea5ea7ed5403f1741bf8ffe1e19 Mon Sep 17 00:00:00 2001
From: Emily <vcs@emily.moe>
Date: Sat, 4 Apr 2020 22:57:15 +0100
Subject: [PATCH] linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}

These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3696f564ac2e874a2b80046b90ea49f.
---
 pkgs/os-specific/linux/kernel/hardened-config.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index 75cfd68ef0d..50bc120ff0f 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -17,10 +17,6 @@ with (stdenv.lib.kernel.whenHelpers version);
 assert (versionAtLeast version "4.9");
 
 optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") {
-  # Randomize position of kernel and memory.
-  RANDOMIZE_BASE   = yes;
-  RANDOMIZE_MEMORY = yes;
-
   # Disable legacy virtual syscalls by default (modern glibc use vDSO instead).
   #
   # Note that the vanilla default is to *emulate* the legacy vsyscall mechanism,