pyrox.dev / nixpkgs
lol
fork atom

linux-copperhead: 4.14.12.a -> 4.14.13.a

Tim Steinbach eb0ecd7e b5b6656c

+5 -5
unified split
+1 -1
pkgs/os-specific/linux/kernel/common-config.nix
··· 343 344 # Security related features. 345 RANDOMIZE_BASE? y 346 - STRICT_DEVMEM y # Filter access to /dev/mem 347 SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default 348 SECURITY_YAMA? y # Prevent processes from ptracing non-children processes 349 DEVKMEM n # Disable /dev/kmem
··· 343 344 # Security related features. 345 RANDOMIZE_BASE? y 346 + STRICT_DEVMEM? y # Filter access to /dev/mem 347 SECURITY_SELINUX_BOOTPARAM_VALUE 0 # Disable SELinux by default 348 SECURITY_YAMA? y # Prevent processes from ptracing non-children processes 349 DEVKMEM n # Disable /dev/kmem
+2 -2
pkgs/os-specific/linux/kernel/hardened-config.nix
··· 61 DEBUG_WX y # boot-time warning on RWX mappings 62 63 # Stricter /dev/mem 64 - STRICT_DEVMEM y 65 - IO_STRICT_DEVMEM y 66 67 # Perform additional validation of commonly targeted structures. 68 DEBUG_CREDENTIALS y
··· 61 DEBUG_WX y # boot-time warning on RWX mappings 62 63 # Stricter /dev/mem 64 + STRICT_DEVMEM? y 65 + IO_STRICT_DEVMEM? y 66 67 # Perform additional validation of commonly targeted structures. 68 DEBUG_CREDENTIALS y
+2 -2
pkgs/os-specific/linux/kernel/linux-hardened-copperhead.nix
··· 3 with stdenv.lib; 4 5 let 6 - version = "4.14.12"; 7 revision = "a"; 8 - sha256 = "002a3c177fix472wqc89zrpfzwk60l7dn76l869ivgnd60n6wqb2"; 9 10 # modVersion needs to be x.y.z, will automatically add .0 if needed 11 modVersion = concatStrings (intersperse "." (take 3 (splitString "." "${version}.0")));
··· 3 with stdenv.lib; 4 5 let 6 + version = "4.14.13"; 7 revision = "a"; 8 + sha256 = "08fvb1lllb0xkckw2y66g0j5z88kp877r51jj3kksfkvjfibjr0j"; 9 10 # modVersion needs to be x.y.z, will automatically add .0 if needed 11 modVersion = concatStrings (intersperse "." (take 3 (splitString "." "${version}.0")));