public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

kernel-config: Grsecurity fixes

Browse Source
This commit is contained in:
William A. Kennington III 2015-05-15 17:38:09 -07:00
parent bca69399a8
commit 13a38440c6
1 changed files with 10 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
pkgs/os-specific/linux/kernel/common-config.nix
View File

@ -234,7 +234,9 @@ with stdenv.lib;
# Security related features. # Security related features.
STRICT_DEVMEM y # Filter access to /dev/mem STRICT_DEVMEM y # Filter access to /dev/mem
SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default
DEVKMEM? n # Disable /dev/kmem ${optionalString (!features.grsecurity or true) ''
DEVKMEM n # Disable /dev/kmem
''}
${if versionOlder version "3.14" then '' ${if versionOlder version "3.14" then ''
CC_STACKPROTECTOR? y # Detect buffer overflows on the stack CC_STACKPROTECTOR? y # Detect buffer overflows on the stack
'' else '' '' else ''
@ -378,11 +380,13 @@ with stdenv.lib;
# Virtualisation. # Virtualisation.
PARAVIRT? y PARAVIRT? y
${if versionAtLeast version "3.10" then '' ${optionalString (!features.grsecurity or true)
HYPERVISOR_GUEST? y (if versionAtLeast version "3.10" then ''
'' else '' HYPERVISOR_GUEST y
PARAVIRT_GUEST? y '' else ''
''} PARAVIRT_GUEST? y
'')
}
KVM_APIC_ARCHITECTURE y KVM_APIC_ARCHITECTURE y
KVM_ASYNC_PF y KVM_ASYNC_PF y
${optionalString (versionOlder version "3.7") '' ${optionalString (versionOlder version "3.7") ''