This repository was archived by the owner on Apr 12, 2021. It is now read-only.
base repository: NixOS/nixpkgs-channels
base: b273e63752fa
head repository: NixOS/nixpkgs-channels
compare: 315da196c6ad
  • 3 commits
  • 1 file changed
  • 2 contributors

Commits on Jul 10, 2018

  1. linux-hardened: Adjust for Linux 4.17

    (cherry picked from commit 4f3ba3b)
    NeQuissimus authored and xeji committed Jul 10, 2018
    ba00e91 View commit details
  2. linux-hardened: Adjust config for 4.17.4

    (cherry picked from commit a4d56d0)
    NeQuissimus authored and xeji committed Jul 10, 2018
    1fd6aaa View commit details
  3. 315da19 View commit details
Showing with 6 additions and 1 deletion.
  1. +6 −1 pkgs/os-specific/linux/kernel/hardened-config.nix
7 changes: 6 additions & 1 deletion pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -28,7 +28,9 @@ ${optionalString (stdenv.platform.kernelArch == "x86_64") ''
# Reduce attack surface by disabling various emulations
IA32_EMULATION n
X86_X32 n
MODIFY_LDT_SYSCALL? n
${optionalString (versionOlder version "4.17") ''
MODIFY_LDT_SYSCALL? n
''}
VMAP_STACK y # Catch kernel stack overflows
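Review bot: The new `versionOlder version "4.17"` guard around `MODIFY_LDT_SYSCALL? n` has no comment saying why the setting is dropped for 4.17 and later. This line sits under "Reduce attack surface by disabling various emulations", so a reader of the hardened config cannot tell from the file whether the reduction still holds on newer kernels or is simply no longer applied. The line also already carries the `?` marker, so if that is enough for the option to be skipped where it cannot be set, the guard is redundant. Please add a one-line comment above the guard stating what happens to this option on 4.17+, or drop the guard if `?` already covers it.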
@@ -55,6 +57,9 @@ ${optionalString (versionOlder version "4.11") ''
# via the selinux=0 boot parameter.
${optionalString (versionAtLeast version "4.12") ''
SECURITY_SELINUX_DISABLE n
''}
${optionalString ((versionAtLeast version "4.12") && (versionOlder version "4.17")) ''
SECURITY_WRITABLE_HOOKS n
''}
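Review bot: The added `SECURITY_WRITABLE_HOOKS n` block has no comment of its own; the comment above it ("via the selinux=0 boot parameter") belongs to `SECURITY_SELINUX_DISABLE`, so nothing in the file explains what this option hardens or why it stops applying at 4.17. The block also repeats the `versionAtLeast version "4.12"` bound of the block directly above it, and unlike `MODIFY_LDT_SYSCALL? n` in the earlier hunk it has no `?`, so the two version-limited options are handled inconsistently. Suggest adding a short comment on the purpose and the 4.17 cutoff, and either using `?` here as well or noting why the explicit version range is preferred.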