From 1801aad7b889e1acd3b2f41046852ae78f61a32d Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Sat, 5 Jan 2019 13:24:54 +0100
Subject: [PATCH] hardened-config: clarify MODIFY_LDT_SYSCALL

This likely never worked; MODIFY_LDT_SYSCALL depends on EXPERT; enabling
EXPERT however seems to introduce quite a few changes that would need to be
properly vetted.

The version guard is unnecessary, however, as this config has been supported
since 4.3.
---
 pkgs/os-specific/linux/kernel/hardened-config.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index 13db3873e62..6ae0108b3f0 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -28,9 +28,9 @@ ${optionalString (stdenv.hostPlatform.platform.kernelArch == "x86_64") ''
   # Reduce attack surface by disabling various emulations
   IA32_EMULATION n
   X86_X32 n
-  ${optionalString (versionOlder version "4.17") ''
-    MODIFY_LDT_SYSCALL? n
-  ''}
+  # Note: this config depends on EXPERT y and so will not take effect, hence
+  # it is left "optional" for now.
+  MODIFY_LDT_SYSCALL? n
 
   VMAP_STACK y # Catch kernel stack overflows