diff options
author | github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com> | 2023-07-14 18:01:25 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-07-14 18:01:25 +0000 |
commit | 0f179253f198d00e7f74ac7a854cc99a4939b5b8 (patch) | |
tree | 2af9c21c0b89bf0cfe64a5e8bfd51adec1e9821e /pkgs/os-specific | |
parent | 781017eaf11e9d808787f74cea7c4d4c32cc5ceb (diff) | |
parent | 75cfb4925a74900b0ab7636d605869806235ad0d (diff) | |
download | nixpkgs-0f179253f198d00e7f74ac7a854cc99a4939b5b8.tar nixpkgs-0f179253f198d00e7f74ac7a854cc99a4939b5b8.tar.gz nixpkgs-0f179253f198d00e7f74ac7a854cc99a4939b5b8.tar.bz2 nixpkgs-0f179253f198d00e7f74ac7a854cc99a4939b5b8.tar.lz nixpkgs-0f179253f198d00e7f74ac7a854cc99a4939b5b8.tar.xz nixpkgs-0f179253f198d00e7f74ac7a854cc99a4939b5b8.tar.zst nixpkgs-0f179253f198d00e7f74ac7a854cc99a4939b5b8.zip |
Merge master into staging-next
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/config.nix | 2 | ||||
-rw-r--r-- | pkgs/os-specific/linux/kernel/hardened/patches.json | 10 |
2 files changed, 11 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened/config.nix b/pkgs/os-specific/linux/kernel/hardened/config.nix index 3f23b8c1344..92192eb79f8 100644 --- a/pkgs/os-specific/linux/kernel/hardened/config.nix +++ b/pkgs/os-specific/linux/kernel/hardened/config.nix @@ -28,7 +28,7 @@ assert (versionAtLeast version "4.9"); # # We set SECURITY_WRITABLE_HOOKS n primarily for documentation purposes; the # config builder fails to detect that it has indeed been unset. - SECURITY_SELINUX_DISABLE = no; + SECURITY_SELINUX_DISABLE = whenOlder "6.4" no; # On 6.4: error: unused option: SECURITY_SELINUX_DISABLE SECURITY_WRITABLE_HOOKS = option no; STRICT_KERNEL_RWX = yes; diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 361f3dc80cd..d61e13b25ae 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -68,5 +68,15 @@ }, "sha256": "1mvcirkhqnf03cci3jiq077fs9b42a3xdk3zjkpyim3x43ydwzyb", "version": "6.3.12" + }, + "6.4": { + "patch": { + "extra": "-hardened1", + "name": "linux-hardened-6.4.3-hardened1.patch", + "sha256": "1xwy9088f8qy7algv1gad90gd6sv03diz16jvfnk2yb01k4f87wv", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/6.4.3-hardened1/linux-hardened-6.4.3-hardened1.patch" + }, + "sha256": "18c8ikghvlr6h9jajy11dldck4h57wl301j14rxg7xhd6qlysd3i", + "version": "6.4.3" } } |