From ca7cc96ee8153b61afdfc8ebdb14ff064e3649af Mon Sep 17 00:00:00 2001
From: Joachim Fasting
Date: Fri, 9 Dec 2016 12:08:21 +0100
Subject: [PATCH] grsecurity: enable PAX_INITIFY

Uses gcc plugin to detect more instances where memory used during init can be freed.
---
 pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
index 64722635f41..895c0ec42ef 100644
--- a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
+++ b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
@@ -22,6 +22,10 @@ PAX_PT_PAX_FLAGS y PAX_XATTR_PAX_FLAGS y PAX_EI_PAX n
+PAX_INITIFY y
+# initify is a fairly recent feature, enable verbose mode to aid in debugging
+PAX_INITIFY_VERBOSE y
+
 # The bts instrumentation method is compatible with binary only modules.
 #
 # Note: if platform supports SMEP, we could do without this
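Review bot: The comment added above `PAX_INITIFY_VERBOSE y` does not say what verbose mode reports or when it can be switched off again; as far as I recall the Kconfig help, it only makes the gcc plugin print the strings and functions it moves into init sections while compiling, so it affects the build log and not the running kernel. I would word it as `# initify is fairly recent; verbose mode logs at build time what the plugin moves into init sections, drop it once the feature has proven stable`. That matters for triage, because a wrong initify decision would presumably show up as a fault on freed init memory after boot, and the build log is what you would check it against. Both options are also mandatory as written: if this fragment goes through the same generator as the common kernel config, a kernel or compiler without plugin support would likely fail on an unused option, so `PAX_INITIFY? y` may be safer, assuming the optional `?` suffix is honoured here. The surrounding config string starts and ends outside the hunk.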