tjh.dev / nixpkgs
Clone of https://github.com/NixOS/nixpkgs.git (to stress-test knotserver)
fork atom

grsecurity: ensure that PaX ELF markings are enabled

The upstream default is to enable only xattr markings, breaking the
paxmarks facility.

(cherry picked from commit a69501a936a6434fbe88fb6a0423dd425563c163)

Joachim Fasting 2884d35e 1e97d62d

+4
unified split
+4
pkgs/build-support/grsecurity/default.nix
··· 90 90 GRKERNSEC y 91 91 ${grsecMainConfig} 92 92 93 + # The paxmarks mechanism relies on ELF header markings, but the default 94 + # grsecurity configuration only enables xattr markings 95 + PAX_PT_PAX_FLAGS y 96 + 93 97 ${if cfg.config.restrictProc then 94 98 "GRKERNSEC_PROC_USER y" 95 99 else