public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

grsecurity module: remove code pertaining to zfs

Browse Source 
I don't know if it still the case that zfs fails to boot; either way,
that's the user's responsibility to contend with.
This commit is contained in:
Joachim Fasting 2016-11-20 22:10:34 +01:00
parent 98935c7103
commit 2eb6ec1bc4
No known key found for this signature in database
GPG Key ID: 7544761007FE4E08
1 changed files with 0 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
nixos/modules/security/grsecurity.nix
View File

@ -6,14 +6,6 @@ let
cfg = config.security.grsecurity; cfg = config.security.grsecurity;
grsecLockPath = "/proc/sys/kernel/grsecurity/grsec_lock"; grsecLockPath = "/proc/sys/kernel/grsecurity/grsec_lock";
# Ascertain whether ZFS is required for booting the system; grsecurity is
# currently incompatible with ZFS, rendering the system unbootable.
zfsNeededForBoot = filter
(fs: (fs.neededForBoot
|| elem fs.mountPoint [ "/" "/nix" "/nix/store" "/var" "/var/log" "/var/lib" "/etc" ])
&& fs.fsType == "zfs")
config.system.build.fileSystems != [];
# Ascertain whether NixOS container support is required # Ascertain whether NixOS container support is required
containerSupportRequired = containerSupportRequired =
config.boot.enableContainers && config.containers != {}; config.boot.enableContainers && config.containers != {};
@ -132,11 +124,5 @@ in
"kernel.grsecurity.chroot_caps" = mkForce 0; "kernel.grsecurity.chroot_caps" = mkForce 0;
}; };
assertions = [
{ assertion = !zfsNeededForBoot;
message = "grsecurity is currently incompatible with ZFS";
}
];
}; };
} }