@ -60,10 +60,7 @@ in
# Hide kernel pointers (e.g. in /proc/modules) for unprivileged
# users as these make it easier to exploit kernel vulnerabilities.
#
# Removed under grsecurity.
boot.kernel.sysctl."kernel.kptr_restrict" =
if (config.boot.kernelPackages.kernel.features.grsecurity or false) then null else 1;
boot.kernel.sysctl."kernel.kptr_restrict" = 1;
# Disable YAMA by default to allow easy debugging.
boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0;
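Review bot: The unconditional `boot.kernel.sysctl."kernel.kptr_restrict" = 1;` is set at normal priority, unlike the `mkDefault 0` used for `kernel.yama.ptrace_scope` two lines below it. A host or hardening profile that wants the stricter value 2, which hides kernel pointers from privileged readers as well, would then likely have to override it with `mkForce` rather than simply assigning it. Consider `boot.kernel.sysctl."kernel.kptr_restrict" = mkDefault 1;` so the baseline stays on but can be tightened. The +/- markers are lost on this page, so confirm that the `# Removed under grsecurity.` comment is really gone on the new side, where it would be stale.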
@ -59,7 +59,6 @@ stdenv.mkDerivation rec {
maintainers = with maintainers; [ wkennington ];
# kernel 4.2 is the most recent supported kernel
broken = kernel != null &&
(builtins.compareVersions kernel.version "4.2" == 1 ||
(kernel.features.grsecurity or false));
(builtins.compareVersions kernel.version "4.2" == 1);
};
}
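Review bot: On the rewritten `broken` line, `builtins.compareVersions kernel.version "4.2" == 1` is true for every 4.2.y point release, since a version such as "4.2.1" compares greater than "4.2". That contradicts the comment directly above it, which says 4.2 is the most recent supported kernel. If the whole 4.2 series is meant to be supported, compare against the next series instead: `broken = kernel != null && builtins.compareVersions kernel.version "4.3" != -1;`. The parentheses left around the remaining comparison after the grsecurity clause was dropped are no longer needed. The enclosing `meta` block starts outside the hunk.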
@ -26,6 +26,5 @@ stdenv.mkDerivation rec {
license = stdenv.lib.licenses.gpl2;
maintainers = with stdenv.lib.maintainers; [ viric fpletz ];
platforms = with stdenv.lib.platforms; linux;
broken = (kernel.features.grsecurity or false);
@ -1,7 +1,5 @@
{ stdenv, kernel, perl }:
assert (!(kernel.features.grsecurity or false));
let
baseBuildFlags = [ "INSTALL_HDR_PATH=$(out)" "headers_install" ];
in stdenv.mkDerivation {
@ -31,7 +31,6 @@ stdenv.mkDerivation rec {
maintainers = [ maintainers.bjornfor ];
broken =
(builtins.compareVersions kernel.version "3.18" == -1) ||
(kernel.features.grsecurity or false) ||
(kernel.features.chromiumos or false);
@ -35,8 +35,7 @@ stdenv.mkDerivation rec {
homepage = "https://github.com/hadess/rtl8723bs";
platforms = stdenv.lib.platforms.linux;
broken = (! versionAtLeast kernel.version "3.19")
|| (kernel.features.grsecurity or false);
broken = (! versionAtLeast kernel.version "3.19");
maintainers = with maintainers; [ elitak ];
@ -31,6 +31,5 @@ stdenv.mkDerivation rec {
homepage = "https://github.com/Grawp/rtl8812au_rtl8821au";
platforms = [ "x86_64-linux" "i686-linux" ];
@ -48,7 +48,6 @@ stdenv.mkDerivation rec {
maintainers = [ maintainers.z77z ];
(builtins.compareVersions kernel.version "4.4" != -1) ||
(kernel.features.grsecurity or false);
(builtins.compareVersions kernel.version "4.4" != -1);