authorEmily <vcs@emily.moe>2020-04-04 23:02:31 +0100
committerEmily <vcs@emily.moe>2020-04-17 16:13:39 +0100
commit0611462e3350df51a1eeab9fa72d181730105cb9 (patch)
treecf10079c7652bc54c630a8274b9174416297ee2e
parent303bb60fb1c5332e478d684cdf382245e57db8a5 (diff)
linux_*_hardened: don't set {,IO_}STRICT_DEVMEM
STRICT_DEVMEM is on by default in upstream 5.6.2; IO_STRICT_DEVMEM is
turned on by anthraxx/linux-hardened@103d23cb6645c1110fa33f2ce1ed1bba2b094081.

Note that anthraxx/linux-hardened@db1d27e10e0e624632ecda9e72abb9ab126da4ce
disables DEVMEM by default, so this is only relevant if that default is
overridden to turn it back on.
-rw-r--r--pkgs/os-specific/linux/kernel/hardened-config.nix4
1 files changed, 0 insertions, 4 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index 4e1c79b477e..14503854d3e 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -37,10 +37,6 @@ assert (versionAtLeast version "4.9");
 
   STRICT_KERNEL_RWX = whenAtLeast "4.11" yes;
 
-  # Stricter /dev/mem
-  STRICT_DEVMEM    = option yes;
-  IO_STRICT_DEVMEM = option yes;
-
   # Perform additional validation of commonly targeted structures.
   DEBUG_CREDENTIALS     = yes;
   DEBUG_NOTIFIERS       = yes;