From c93ffb95bcebd6b64713df8dc07b0c77c9bb858e Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Sat, 16 Jul 2016 16:58:15 +0200 Subject: [PATCH] grsecurity: enable support for setting pax flags via xattrs While useless for binaries within the Nix store, user xattrs are a convenient alternative for setting PaX flags to executables outside of the store. To use disable secure memory protections for a non-store file foo, do $ setfattr -n user.pax.flags -v em foo --- pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix index 894f2d8e364..67bad8aeb40 100644 --- a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix +++ b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix @@ -14,7 +14,7 @@ GRKERNSEC_CONFIG_VIRT_KVM y GRKERNSEC_CONFIG_PRIORITY_SECURITY y PAX_PT_PAX_FLAGS y -PAX_XATTR_PAX_FLAGS n +PAX_XATTR_PAX_FLAGS y PAX_EI_PAX n GRKERNSEC_PROC_GID 0
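Review bot: `PAX_XATTR_PAX_FLAGS y` now sits beside `PAX_PT_PAX_FLAGS y` with nothing in the file recording the trust model of the new marking source or how the two interact. Attributes in the `user.` namespace can be written by anyone with write access to the file, and changing them leaves the file contents untouched, so a content-hash integrity check will not notice an executable whose PaX restrictions were relaxed; hosts built from this config may want to audit changes to `user.pax.flags`. As far as I recall the PaX Kconfig help, a binary that carries both a PT_PAX header and an xattr mark must have the two agree, which is worth confirming before merging. I would add a comment above the line, e.g. `# user.pax.flags is owner-writable and only usable outside the read-only store; must agree with any PT_PAX mark`, assuming this config string tolerates comment lines. The config block starts and ends outside the hunk.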