nixos/virtualbox: Disable hardening for now.

This should display a big fat warning that people can hardly miss until
we have fixed the issues with the host-only-interfaces that persist when
hardening is enabled.

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
aszlig 2014-12-15 18:50:55 +01:00
parent d9ce3ae57f
commit 5d67b17901
No known key found for this signature in database
GPG Key ID: D0EBD0EC8C2DC961
1 changed files with 8 additions and 1 deletions

@ -35,7 +35,7 @@ in
enableHardening = mkOption { enableHardening = mkOption {
type = types.bool; type = types.bool;
default = true; default = false;
description = '' description = ''
Enable hardened VirtualBox, which ensures that only the binaries in the Enable hardened VirtualBox, which ensures that only the binaries in the
system path get access to the devices exposed by the kernel modules system path get access to the devices exposed by the kernel modules
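Review bot: the `default = false;` line flips a security default for every configuration that never set `enableHardening` explicitly, while the `description` text in this hunk is left unchanged, so the generated option documentation will still describe hardening without saying it is now off by default. Suggest adding a sentence to the description that states the temporary default and the host-only interface issue it works around, so the reason is visible next to the option and the default can be restored once that issue is fixed.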
@ -54,6 +54,13 @@ in
boot.extraModulePackages = [ virtualbox ]; boot.extraModulePackages = [ virtualbox ];
environment.systemPackages = [ virtualbox ]; environment.systemPackages = [ virtualbox ];
warnings = singleton (
"Hardening is currently disabled for VirtualBox, because of some " +
"issues in conjunction with host-only-interfaces. If you don't use " +
"hostonlyifs, it's strongly recommended to set " +
"`services.virtualboxHost.enableHardening = true'!"
);
security.setuidOwners = let security.setuidOwners = let
mkVboxStub = program: { mkVboxStub = program: {
inherit program; inherit program;
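Review bot: the added `warnings = singleton (...)` in this hunk is not conditioned on the option's value in the visible lines, so a user who follows the advice and sets `services.virtualboxHost.enableHardening = true` would still be told "Hardening is currently disabled for VirtualBox". Suggest emitting the warning only when the option is false, for example by building the list with `optional` on the negated option instead of `singleton`. As a smaller style point, the quoted option in the message opens with a backtick and closes with an apostrophe; using matching quotes would make it easier to copy.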