diff options
| -rw-r--r-- | pkgs/os-specific/linux/anbox/kmod.nix | 2 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/kernel/common-config.nix | 10 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/kernel/generic.nix | 1 |
3 files changed, 6 insertions, 7 deletions
diff --git a/pkgs/os-specific/linux/anbox/kmod.nix b/pkgs/os-specific/linux/anbox/kmod.nix index f62e6ee6aa5..1ed6d9c5f72 100644 --- a/pkgs/os-specific/linux/anbox/kmod.nix +++ b/pkgs/os-specific/linux/anbox/kmod.nix @@ -36,7 +36,7 @@ stdenv.mkDerivation { homepage = "https://github.com/anbox/anbox-modules"; license = licenses.gpl2; platforms = platforms.linux; - broken = (versionOlder kernel.version "4.4") || (kernel.features.grsecurity or false); + broken = (versionOlder kernel.version "4.4"); maintainers = with maintainers; [ edwtjo ]; }; diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index 488aa30c54a..213f344add1 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -12,7 +12,7 @@ # Configuration { lib, stdenv, version -, features ? { grsecurity = false; } +, features ? {} }: with lib; @@ -42,7 +42,7 @@ let TIMER_STATS = whenOlder "4.11" yes; DEBUG_NX_TEST = whenOlder "4.11" no; DEBUG_STACK_USAGE = no; - DEBUG_STACKOVERFLOW = mkIf (!features.grsecurity) (option no); + DEBUG_STACKOVERFLOW = option no; RCU_TORTURE_TEST = no; SCHEDSTATS = no; DETECT_HUNG_TASK = yes; @@ -443,7 +443,7 @@ let SECURITY_SELINUX_BOOTPARAM_VALUE = whenOlder "5.1" (freeform "0"); # Disable SELinux by default # Prevent processes from ptracing non-children processes SECURITY_YAMA = option yes; - DEVKMEM = mkIf (!features.grsecurity) no; # Disable /dev/kmem + DEVKMEM = no; # Disable /dev/kmem USER_NS = yes; # Support for user namespaces @@ -523,7 +523,7 @@ let virtualisation = { PARAVIRT = option yes; - HYPERVISOR_GUEST = mkIf (!features.grsecurity) yes; + HYPERVISOR_GUEST = yes; PARAVIRT_SPINLOCKS = option yes; KVM_APIC_ARCHITECTURE = whenOlder "4.8" yes; @@ -531,7 +531,7 @@ let KVM_COMPAT = { optional = true; tristate = whenBetween "4.0" "4.12" "y"; }; KVM_DEVICE_ASSIGNMENT = { optional = true; tristate = whenBetween "3.10" "4.12" "y"; }; KVM_GENERIC_DIRTYLOG_READ_PROTECT = whenAtLeast "4.0" yes; - KVM_GUEST = mkIf (!features.grsecurity) yes; + KVM_GUEST = yes; KVM_MMIO = yes; KVM_VFIO = yes; KSM = yes; diff --git a/pkgs/os-specific/linux/kernel/generic.nix b/pkgs/os-specific/linux/kernel/generic.nix index 4518b5a336b..1c289d86002 100644 --- a/pkgs/os-specific/linux/kernel/generic.nix +++ b/pkgs/os-specific/linux/kernel/generic.nix @@ -72,7 +72,6 @@ let efiBootStub = true; needsCifsUtils = true; netfilterRPFilter = true; - grsecurity = false; ia32Emulation = true; } // features) kernelPatches; |