grsecurity: make GRKERNSEC y and PAX y implicit
These options should always be specified. Note, an implication of this change is that not specifying any grsec/PaX options results in a build failure.
This commit is contained in:
parent
a58f5ffbb9
commit
1bb7b44cd7
@ -208,8 +208,6 @@
|
||||
let
|
||||
kernel = pkgs.linux_grsec_nixos.override {
|
||||
extraConfig = ''
|
||||
GRKERNSEC y
|
||||
PAX y
|
||||
GRKERNSEC_CONFIG_AUTO y
|
||||
GRKERNSEC_CONFIG_SERVER y
|
||||
GRKERNSEC_CONFIG_SECURITY y
|
||||
|
@ -22,7 +22,11 @@ assert (kernel.version == grsecPatch.kver);
|
||||
overrideDerivation (kernel.override {
|
||||
inherit modDirVersion;
|
||||
kernelPatches = [ grsecPatch ] ++ kernelPatches ++ (kernel.kernelPatches or []);
|
||||
inherit extraConfig;
|
||||
extraConfig = ''
|
||||
GRKERNSEC y
|
||||
PAX y
|
||||
${extraConfig}
|
||||
'';
|
||||
ignoreConfigErrors = true;
|
||||
}) (attrs: {
|
||||
nativeBuildInputs = (lib.chooseDevOutputs [ gmp libmpc mpfr ]) ++ (attrs.nativeBuildInputs or []);
|
||||
|
@ -3,9 +3,6 @@
|
||||
with stdenv.lib;
|
||||
|
||||
''
|
||||
GRKERNSEC y
|
||||
PAX y
|
||||
|
||||
GRKERNSEC_CONFIG_AUTO y
|
||||
GRKERNSEC_CONFIG_DESKTOP y
|
||||
GRKERNSEC_CONFIG_VIRT_HOST y
|
||||
|
@ -10955,8 +10955,6 @@ in
|
||||
# An unsupported grsec xen guest kernel
|
||||
linux_grsec_server_xen = linux_grsec_nixos.override {
|
||||
extraConfig = ''
|
||||
GRKERNSEC y
|
||||
PAX y
|
||||
GRKERNSEC_CONFIG_AUTO y
|
||||
GRKERNSEC_CONFIG_PRIORITY_SECURITY y
|
||||
GRKERNSEC_CONFIG_SERVER y
|
||||
|
Loading…
Reference in New Issue
Block a user