public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}

Browse Source 
These are on by default for x86 in upstream linux-5.6.2, and turned on
for arm64 by anthraxx/linux-hardened@90f9670bc3.
This commit is contained in:
Emily 2020-04-04 22:57:15 +01:00
parent 8c68055432
commit 130f6812be
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pkgs/os-specific/linux/kernel/hardened-config.nix
View File

@ -17,10 +17,6 @@ with (stdenv.lib.kernel.whenHelpers version);
assert (versionAtLeast version "4.9"); assert (versionAtLeast version "4.9");
optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") {
# Randomize position of kernel and memory.
RANDOMIZE_BASE = yes;
RANDOMIZE_MEMORY = yes;
# Disable legacy virtual syscalls by default (modern glibc use vDSO instead). # Disable legacy virtual syscalls by default (modern glibc use vDSO instead).
# #
# Note that the vanilla default is to *emulate* the legacy vsyscall mechanism, # Note that the vanilla default is to *emulate* the legacy vsyscall mechanism,