diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2017-05-12 18:38:27 +0200 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2017-05-14 15:08:51 +0200 |
| commit | e6c65ecb12c58cfa043d9cfa6db31b9920603588 (patch) | |
| tree | 5e33322042ce3aa40c5a6739f04fa79ba4d81d75 | |
| parent | f7580a1f0659a0d44e3f9925bbbab82741ae1e8a (diff) | |
| download | nixpkgs-e6c65ecb12c58cfa043d9cfa6db31b9920603588.tar nixpkgs-e6c65ecb12c58cfa043d9cfa6db31b9920603588.tar.gz nixpkgs-e6c65ecb12c58cfa043d9cfa6db31b9920603588.tar.bz2 nixpkgs-e6c65ecb12c58cfa043d9cfa6db31b9920603588.tar.lz nixpkgs-e6c65ecb12c58cfa043d9cfa6db31b9920603588.tar.xz nixpkgs-e6c65ecb12c58cfa043d9cfa6db31b9920603588.tar.zst nixpkgs-e6c65ecb12c58cfa043d9cfa6db31b9920603588.zip | |
tree-wide: remove uses of features.grsecurity
| -rw-r--r-- | nixos/modules/config/sysctl.nix | 5 | ||||
| -rw-r--r-- | pkgs/development/libraries/accelio/default.nix | 3 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/batman-adv/default.nix | 1 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/kernel-headers/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/lttng-modules/default.nix | 1 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/rtl8723bs/default.nix | 3 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/rtl8812au/default.nix | 1 | ||||
| -rw-r--r-- | pkgs/servers/openafs-client/default.nix | 3 |
8 files changed, 4 insertions, 15 deletions
diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix index a3f7e8f722f..2114fb2b9d4 100644 --- a/nixos/modules/config/sysctl.nix +++ b/nixos/modules/config/sysctl.nix @@ -60,10 +60,7 @@ in # Hide kernel pointers (e.g. in /proc/modules) for unprivileged # users as these make it easier to exploit kernel vulnerabilities. - # - # Removed under grsecurity. - boot.kernel.sysctl."kernel.kptr_restrict" = - if (config.boot.kernelPackages.kernel.features.grsecurity or false) then null else 1; + boot.kernel.sysctl."kernel.kptr_restrict" = 1; # Disable YAMA by default to allow easy debugging. boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0; diff --git a/pkgs/development/libraries/accelio/default.nix b/pkgs/development/libraries/accelio/default.nix index 002b26078f5..a1f229ca5fb 100644 --- a/pkgs/development/libraries/accelio/default.nix +++ b/pkgs/development/libraries/accelio/default.nix @@ -59,7 +59,6 @@ stdenv.mkDerivation rec { maintainers = with maintainers; [ wkennington ]; # kernel 4.2 is the most recent supported kernel broken = kernel != null && - (builtins.compareVersions kernel.version "4.2" == 1 || - (kernel.features.grsecurity or false)); + (builtins.compareVersions kernel.version "4.2" == 1); }; } diff --git a/pkgs/os-specific/linux/batman-adv/default.nix b/pkgs/os-specific/linux/batman-adv/default.nix index 1449d85fc16..a48909685d7 100644 --- a/pkgs/os-specific/linux/batman-adv/default.nix +++ b/pkgs/os-specific/linux/batman-adv/default.nix @@ -26,6 +26,5 @@ stdenv.mkDerivation rec { license = stdenv.lib.licenses.gpl2; maintainers = with stdenv.lib.maintainers; [ viric fpletz ]; platforms = with stdenv.lib.platforms; linux; - broken = (kernel.features.grsecurity or false); }; } diff --git a/pkgs/os-specific/linux/kernel-headers/default.nix b/pkgs/os-specific/linux/kernel-headers/default.nix index da9f3009474..a33d24fc847 100644 --- a/pkgs/os-specific/linux/kernel-headers/default.nix +++ b/pkgs/os-specific/linux/kernel-headers/default.nix @@ -1,7 +1,5 @@ { stdenv, kernel, perl }: -assert (!(kernel.features.grsecurity or false)); - let baseBuildFlags = [ "INSTALL_HDR_PATH=$(out)" "headers_install" ]; in stdenv.mkDerivation { diff --git a/pkgs/os-specific/linux/lttng-modules/default.nix b/pkgs/os-specific/linux/lttng-modules/default.nix index 3bb61227fe4..2f5b50b3b58 100644 --- a/pkgs/os-specific/linux/lttng-modules/default.nix +++ b/pkgs/os-specific/linux/lttng-modules/default.nix @@ -31,7 +31,6 @@ stdenv.mkDerivation rec { maintainers = [ maintainers.bjornfor ]; broken = (builtins.compareVersions kernel.version "3.18" == -1) || - (kernel.features.grsecurity or false) || (kernel.features.chromiumos or false); }; diff --git a/pkgs/os-specific/linux/rtl8723bs/default.nix b/pkgs/os-specific/linux/rtl8723bs/default.nix index 05dd0f8ebb9..eb90ac30344 100644 --- a/pkgs/os-specific/linux/rtl8723bs/default.nix +++ b/pkgs/os-specific/linux/rtl8723bs/default.nix @@ -35,8 +35,7 @@ stdenv.mkDerivation rec { homepage = "https://github.com/hadess/rtl8723bs"; license = stdenv.lib.licenses.gpl2; platforms = stdenv.lib.platforms.linux; - broken = (! versionAtLeast kernel.version "3.19") - || (kernel.features.grsecurity or false); + broken = (! versionAtLeast kernel.version "3.19"); maintainers = with maintainers; [ elitak ]; }; } diff --git a/pkgs/os-specific/linux/rtl8812au/default.nix b/pkgs/os-specific/linux/rtl8812au/default.nix index 6b1e93e59df..93c8e5b7ae4 100644 --- a/pkgs/os-specific/linux/rtl8812au/default.nix +++ b/pkgs/os-specific/linux/rtl8812au/default.nix @@ -31,6 +31,5 @@ stdenv.mkDerivation rec { homepage = "https://github.com/Grawp/rtl8812au_rtl8821au"; license = stdenv.lib.licenses.gpl2; platforms = [ "x86_64-linux" "i686-linux" ]; - broken = (kernel.features.grsecurity or false); }; } diff --git a/pkgs/servers/openafs-client/default.nix b/pkgs/servers/openafs-client/default.nix index 6383ce12bc1..fe7a34e0be8 100644 --- a/pkgs/servers/openafs-client/default.nix +++ b/pkgs/servers/openafs-client/default.nix @@ -48,7 +48,6 @@ stdenv.mkDerivation rec { maintainers = [ maintainers.z77z ]; broken = (builtins.compareVersions kernel.version "3.18" == -1) || - (builtins.compareVersions kernel.version "4.4" != -1) || - (kernel.features.grsecurity or false); + (builtins.compareVersions kernel.version "4.4" != -1); }; } |