author | Joachim Fasting <joachifm@fastmail.fm> | 2016-05-17 05:20:04 +0200 |
---|---|---|
committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-06-10 19:27:41 +0200 |
commit | d8e4432fe26c2b9aaa4eedfb17d77d0cbd9492cf (patch) | |
tree | f1244c05d57a9b8afd091f85bda95756c6523792 /pkgs/os-specific | |
parent | c1cb5ca57e4b067afaa13fd93ed1392ec84c9da2 (diff) | |
kernel: unconditionally disable /dev/kmem
This was presumably set for grsecurity compatibility, but now appears redundant. Grsecurity does not expect nor require /dev/kmem to be present and so it makes little sense to continue making its inclusion in the standard kernel dependent on grsecurity. More generally, given the large number of possible grsecurity configurations, it is unclear what `features.grsecurity` even *means* and its use should be discouraged.
Diffstat (limited to 'pkgs/os-specific')
-rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 3ce65a3f6e1..bd0bd142486 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -261,9 +261,7 @@ with stdenv.lib; # Security related features. STRICT_DEVMEM y # Filter access to /dev/mem SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default - ${optionalString (!(features.grsecurity or false)) '' - DEVKMEM n # Disable /dev/kmem - ''} + DEVKMEM n # Disable /dev/kmem ${if versionOlder version "3.14" then '' CC_STACKPROTECTOR? y # Detect buffer overflows on the stack '' else '' |
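Review bot: the now-unconditional `DEVKMEM n` in the "Security related features" block is a mandatory setting, while the neighbouring `CC_STACKPROTECTOR? y` carries the `?` optional marker. The removed `optionalString (!(features.grsecurity or false))` guard meant grsecurity builds never saw this line, so please confirm that config generation still succeeds on a grsecurity-patched tree. If the patched Kconfig does not offer the symbol (an assumption, not visible in this diff), writing `DEVKMEM? n` would keep /dev/kmem disabled wherever the option exists without breaking the build where it does not.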