public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

grsecurity module: enforce size overflows by default

Browse Source 
It is better to make this conditional on whether the configuration contains a
known size overflow that could prevent the system from booting.
This commit is contained in:
Joachim Fasting 2016-07-14 15:42:54 +02:00
parent e04019d690
commit c606b9876f
No known key found for this signature in database
GPG Key ID: 4330820E1E04DCF4
1 changed files with 0 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/modules/security/grsecurity.nix
View File

@ -48,10 +48,6 @@ in
(isYES "GRKERNSEC_SYSCTL_DISTRO") (isYES "GRKERNSEC_SYSCTL_DISTRO")
]; ];
# Crashing on an overflow in kernel land is user unfriendly and may prevent
# the system from booting, which is too severe for our use case.
boot.kernelParams = [ "pax_size_overflow_report_only" ];
# Install PaX related utillities into the system profile. Eventually, we # Install PaX related utillities into the system profile. Eventually, we
# also want to include gradm here. # also want to include gradm here.
environment.systemPackages = with pkgs; [ paxctl pax-utils ]; environment.systemPackages = with pkgs; [ paxctl pax-utils ];