lol

grsecurity: optionally disable features for redistributed kernels

+7
+7
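--- a/pkgs/build-support/grsecurity/default.nix
+++ b/pkgs/build-support/grsecurity/default.nix
@@ -15,6 +15,7 @@
 unrestrictProcGid = 121; # Ugh, an awful hack. See grsecurity NixOS gid
 disableRBAC = false;
 disableSimultConnect = false;
+redistKernel = true;
 verboseVersion = false;
 kernelExtraConfig = "";
 } // grsecOptions.config;
@@ -90,6 +91,12 @@
 in ''
 GRKERNSEC y
 ${grsecMainConfig}
+
+# Disable features rendered useless by redistributing the kernel
+${optionalString cfg.config.redistKernel ''
+GRKERNSEC_RANDSTRUCT n
+GRKERNSEC_HIDESYM n
+''}
 
 # The paxmarks mechanism relies on ELF header markings, but the default
 # grsecurity configuration only enables xattr markings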
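Review bot: Defaulting `redistKernel` to `true` (new line 18) forces `GRKERNSEC_RANDSTRUCT n` and `GRKERNSEC_HIDESYM n` on every configuration that does not opt out, including kernels that are built locally and never published, where both options still withhold layout and symbol information from an attacker. The default is defensible for kernels served from a shared binary cache, but the trade-off should be stated where the option is set, for example `redistKernel = true; # set to false for a locally built, unshared kernel to keep RANDSTRUCT and HIDESYM`. The comment at new line 95 could also say why the features are useless, presumably because the struct layout and symbol addresses can be read from the published image. Both the defaults attribute set and the config string start outside the visible hunks, so whether the option is documented or overridden elsewhere cannot be confirmed from here.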