linux_hardened: enforce usercopy whitelisting

The default is to warn only
2018-04-29 12:00:16 +02:00 · 2018-04-29 12:00:16 +02:00 · 33615ccfa5
commit 33615ccfa5
parent cbc3afc655
1 changed files with 3 additions and 0 deletions
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@ -78,6 +78,9 @@ ${optionalString (versionAtLeast version "4.13") ''

 # Perform usercopy bounds checking.
 HARDENED_USERCOPY y
+${optionalString (versionAtLeast version "4.16") ''
+  HARDENED_USERCOPY_FALLBACK n
+''}

 # Randomize allocator freelists.
 SLAB_FREELIST_RANDOM y