doc: improve hardening docs

Fixes #18887.
Franz Pletz 2017-01-20 17:46:44 +01:00
parent 305e3e27b6
commit 00ab8e84c6
No known key found for this signature in database
GPG Key ID: 846FDED7792617B4

@ -1401,8 +1401,15 @@ These can be toggled using the <varname>stdenv.mkDerivation</varname> parameters
<varname>hardeningDisable</varname> and <varname>hardeningEnable</varname>. <varname>hardeningDisable</varname> and <varname>hardeningEnable</varname>.
</para> </para>
<para>The following flags are enabled by default and might require disabling <para>
if the program to package is incompatible. Both parameters take a list of flags as strings. The special
<varname>"all"</varname> flag can be passed to <varname>hardeningDisable</varname>
to turn off all hardening. These flags can also be used as environment variables
for testing or development purposes.
</para>
<para>The following flags are enabled by default and might require disabling with
<varname>hardeningDisable</varname> if the program to package is incompatible.
</para> </para>
<variablelist> <variablelist>
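Review bot: the added sentence "These flags can also be used as environment variables for testing or development purposes" does not say what the variables are called or how a list of flags is written in one, so a reader cannot act on it. Name the variables and give the value format, or link to where that is documented. The same paragraph introduces the special "all" flag only for hardeningDisable; say whether hardeningEnable accepts it as well. Since the following paragraph frames disabling as something done only when the program is incompatible, it would also help to recommend disabling the specific incompatible flag rather than reaching for "all".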
@ -1563,7 +1570,8 @@ intel_drv.so: undefined symbol: vgaHWFreeHWRec
</variablelist> </variablelist>
<para>The following flags are disabled by default and should be enabled <para>The following flags are disabled by default and should be enabled
for packages that take untrusted input, like network services. with <varname>hardeningEnable</varname> for packages that take untrusted
input like network services.
</para> </para>
<variablelist> <variablelist>
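Review bot: in the rewritten paragraph the comma before "like network services" was dropped, so "untrusted input like network services" now reads as though network services were a kind of input rather than an example of a package. Keep the comma from the old text, or write "untrusted input, such as network services".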