From 3d4c8ae901585b3ad9de8a68df6c3ebaa4bde4df Mon Sep 17 00:00:00 2001 From: Emily Date: Sun, 5 Apr 2020 05:28:38 +0100 Subject: [PATCH] linux_*_hardened: don't set VMAP_STACK This has been on by default upstream for as long as it's been an option. --- pkgs/os-specific/linux/kernel/hardened-config.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix index 7e6f514e19f..302170f2f5c 100644 --- a/pkgs/os-specific/linux/kernel/hardened-config.nix +++ b/pkgs/os-specific/linux/kernel/hardened-config.nix @@ -22,7 +22,6 @@ optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") { # Note: this config depends on EXPERT y and so will not take effect, hence # it is left "optional" for now. MODIFY_LDT_SYSCALL = option no; - VMAP_STACK = yes; # Catch kernel stack overflows # Randomize position of kernel and memory. RANDOMIZE_BASE = yes;