commit b86f6a3ed6d4acf5e50411502efb9260c490bb0e · pyrox.dev/nixpkgs

pyrox.dev / nixpkgs

lol

fork atom

Merge pull request #7148 from joachifm/grsec-trivial

grsecurity module: trivial improvements

Austin Seipp 10 years ago b86f6a3e 409da39c

+2 -8

1 changed file

expand all

unified split

nixos

modules

security

grsecurity.nix

+2 -8

nixos/modules/security/grsecurity.nix

··· 112 <literal>kernel.grsecurity.grsec_lock</literal> to 113 non-zero as soon as all sysctl options are set. *THIS IS 114 EXTREMELY IMPORTANT*! 115 - 116 - If disabled, this also turns off the 117 - <literal>systemd-sysctl</literal> service. 118 ''; 119 }; 120 ··· 229 kernel 3.19) to continue. 230 ''; 231 } 232 - { assertion = (cfg.stable -> !cfg.testing) || (cfg.testing -> !cfg.stable); 233 - message = '' 234 - You must select either the stable or testing patch, not 235 - both. 236 - ''; 237 } 238 { assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) || 239 (cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);

··· 112 <literal>kernel.grsecurity.grsec_lock</literal> to 113 non-zero as soon as all sysctl options are set. *THIS IS 114 EXTREMELY IMPORTANT*! 115 ''; 116 }; 117 ··· 226 kernel 3.19) to continue. 227 ''; 228 } 229 + { assertion = !(cfg.stable && cfg.testing); 230 + message = "Select either one of the stable or testing patch"; 231 } 232 { assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) || 233 (cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);