JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

grsecurity: enable support for setting pax flags via xattrs

Browse Source 
While useless for binaries within the Nix store, user xattrs are a convenient
alternative for setting PaX flags to executables outside of the store.

To use disable secure memory protections for a non-store file foo, do
  $ setfattr -n user.pax.flags -v em foo
This commit is contained in:
Joachim Fasting 2016-07-16 16:58:15 +02:00
parent 33932304e1
commit c93ffb95bc
No known key found for this signature in database
GPG Key ID: 4330820E1E04DCF4
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
View File

@ -14,7 +14,7 @@ GRKERNSEC_CONFIG_VIRT_KVM y
GRKERNSEC_CONFIG_PRIORITY_SECURITY y
PAX_PT_PAX_FLAGS y
PAX_XATTR_PAX_FLAGS n
PAX_XATTR_PAX_FLAGS y
PAX_EI_PAX n
GRKERNSEC_PROC_GID 0