author | Graham Christensen <graham@grahamc.com> | 2019-07-19 16:12:52 -0400 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-19 16:12:52 -0400 |
commit | a46358204014f989661737cd12f9cbd79b1b5353 (patch) | |
tree | 298cb9b0482e0bce856cb047f75b5262dad269b2 /nixos/modules | |
parent | 2a669d3ee1308c7fd73f15beb35c0456ff9202bc (diff) | |
parent | e72f25673df16021bc91bfa6a92d10bacf33055b (diff) | |
Merge pull request #65079 from mmahut/typo
Renaming security.virtualization.flushL1DataCache to virtualisation
Diffstat (limited to 'nixos/modules')
-rw-r--r-- | nixos/modules/profiles/hardened.nix | 2 | ||||
-rw-r--r-- | nixos/modules/rename.nix | 2 | ||||
-rw-r--r-- | nixos/modules/security/misc.nix | 8 |
3 files changed, 7 insertions, 5 deletions
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index 97279a78a57..29c3f2f8bbf 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -26,7 +26,7 @@ with lib;
 security.allowSimultaneousMultithreading = mkDefault false;
- security.virtualization.flushL1DataCache = mkDefault "always";
+ security.virtualisation.flushL1DataCache = mkDefault "always";
 security.apparmor.enable = mkDefault true;
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index f611a3992ed..4ae64222274 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -63,6 +63,8 @@ with lib;
 (mkRemovedOptionModule [ "security" "setuidOwners" ] "Use security.wrappers instead") (mkRemovedOptionModule [ "security" "setuidPrograms" ] "Use security.wrappers instead") + (mkRenamedOptionModule [ "security" "virtualization" "flushL1DataCache" ] [ "security" "virtualisation" "flushL1DataCache" ]) + # PAM (mkRenamedOptionModule [ "security" "pam" "enableU2F" ] [ "security" "pam" "u2f" "enable" ])
diff --git a/nixos/modules/security/misc.nix b/nixos/modules/security/misc.nix
index bf474ac0a54..2a7f07ef6db 100644
--- a/nixos/modules/security/misc.nix
+++ b/nixos/modules/security/misc.nix
@@ -48,13 +48,13 @@ with lib;
 e.g., shared caches). This attack vector is unproven. Disabling SMT is a supplement to the L1 data cache flushing mitigation
- (see <xref linkend="opt-security.virtualization.flushL1DataCache"/>)
+ (see <xref linkend="opt-security.virtualisation.flushL1DataCache"/>)
 versus malicious VM guests (SMT could "bring back" previously flushed data).
 '';
 };
- security.virtualization.flushL1DataCache = mkOption {
+ security.virtualisation.flushL1DataCache = mkOption {
 type = types.nullOr (types.enum [ "never" "cond" "always" ]);
 default = null;
 description = ''
@@ -114,8 +114,8 @@ with lib;
 boot.kernelParams = [ "nosmt" ];
 })
- (mkIf (config.security.virtualization.flushL1DataCache != null) {
- boot.kernelParams = [ "kvm-intel.vmentry_l1d_flush=${config.security.virtualization.flushL1DataCache}" ];
+ (mkIf (config.security.virtualisation.flushL1DataCache != null) {
+ boot.kernelParams = [ "kvm-intel.vmentry_l1d_flush=${config.security.virtualisation.flushL1DataCache}" ];
 })
 ];
 } |