pyrox.dev
Merge pull request #7148 from joachifm/grsec-trivial
grsecurity module: trivial improvements
+2
-8
nixos/modules/security/grsecurity.nix
+2
-8
nixos/modules/security/grsecurity.nix
···
112
112
<literal>kernel.grsecurity.grsec_lock</literal> to
113
113
non-zero as soon as all sysctl options are set. *THIS IS
114
114
EXTREMELY IMPORTANT*!
115
-
116
-
If disabled, this also turns off the
117
-
<literal>systemd-sysctl</literal> service.
118
115
'';
119
116
};
120
117
···
229
226
kernel 3.19) to continue.
230
227
'';
231
228
}
232
-
{ assertion = (cfg.stable -> !cfg.testing) || (cfg.testing -> !cfg.stable);
233
-
message = ''
234
-
You must select either the stable or testing patch, not
235
-
both.
236
-
'';
229
+
{ assertion = !(cfg.stable && cfg.testing);
230
+
message = "Select either one of the stable or testing patch";
237
231
}
238
232
{ assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) ||
239
233
(cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);