grsecurity: make GRKERNSEC y and PAX y implicit

These options should always be specified. Note, an implication of this
change is that not specifying any grsec/PaX options results in a build
failure.
This commit is contained in:
Joachim Fasting 2016-10-02 18:30:15 +02:00
parent a58f5ffbb9
commit 1bb7b44cd7
No known key found for this signature in database
GPG Key ID: 7544761007FE4E08
4 changed files with 5 additions and 8 deletions

View File

@ -208,8 +208,6 @@
let
kernel = pkgs.linux_grsec_nixos.override {
extraConfig = ''
GRKERNSEC y
PAX y
GRKERNSEC_CONFIG_AUTO y
GRKERNSEC_CONFIG_SERVER y
GRKERNSEC_CONFIG_SECURITY y

View File

@ -22,7 +22,11 @@ assert (kernel.version == grsecPatch.kver);
overrideDerivation (kernel.override {
inherit modDirVersion;
kernelPatches = [ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or []);
inherit extraConfig;
extraConfig = ''
GRKERNSEC y
PAX y
${extraConfig}
'';
ignoreConfigErrors = true;
}) (attrs: {
nativeBuildInputs = (lib.chooseDevOutputs [ gmp libmpc mpfr ]) ++ (attrs.nativeBuildInputs or []);

View File

@ -3,9 +3,6 @@
with stdenv.lib;
''
GRKERNSEC y
PAX y
GRKERNSEC_CONFIG_AUTO y
GRKERNSEC_CONFIG_DESKTOP y
GRKERNSEC_CONFIG_VIRT_HOST y

View File

@ -10955,8 +10955,6 @@ in
# An unsupported grsec xen guest kernel
linux_grsec_server_xen = linux_grsec_nixos.override {
extraConfig = ''
GRKERNSEC y
PAX y
GRKERNSEC_CONFIG_AUTO y
GRKERNSEC_CONFIG_PRIORITY_SECURITY y
GRKERNSEC_CONFIG_SERVER y