From c606b9876fbcbfa2aa8360a5a2d808c80d3a2759 Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Thu, 14 Jul 2016 15:42:54 +0200
Subject: [PATCH] grsecurity module: enforce size overflows by default

It is better to make this conditional on whether the configuration contains a
known size overflow that could prevent the system from booting.
---
 nixos/modules/security/grsecurity.nix | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index 9d0249820d5..ee5881d2872 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -48,10 +48,6 @@ in
         (isYES "GRKERNSEC_SYSCTL_DISTRO")
       ];
 
-    # Crashing on an overflow in kernel land is user unfriendly and may prevent
-    # the system from booting, which is too severe for our use case.
-    boot.kernelParams = [ "pax_size_overflow_report_only" ];
-
     # Install PaX related utillities into the system profile.  Eventually, we
     # also want to include gradm here.
     environment.systemPackages = with pkgs; [ paxctl pax-utils ];