tree-wide: remove uses of features.grsecurity

7 years ago · e6c65ecb12
parent f7580a1f06
commit e6c65ecb12
8 changed files with 4 additions and 15 deletions
--- a/nixos/modules/config/sysctl.nix
+++ b/nixos/modules/config/sysctl.nix
@ -60,10 +60,7 @@ in

    # Hide kernel pointers (e.g. in /proc/modules) for unprivileged
    # users as these make it easier to exploit kernel vulnerabilities.
-    #
-    # Removed under grsecurity.
-    boot.kernel.sysctl."kernel.kptr_restrict" =
-      if (config.boot.kernelPackages.kernel.features.grsecurity or false) then null else 1;
+    boot.kernel.sysctl."kernel.kptr_restrict" = 1;

    # Disable YAMA by default to allow easy debugging.
    boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkDefault 0;
--- a/pkgs/development/libraries/accelio/default.nix
+++ b/pkgs/development/libraries/accelio/default.nix
@ -59,7 +59,6 @@ stdenv.mkDerivation rec {
    maintainers = with maintainers; [ wkennington ];
    # kernel 4.2 is the most recent supported kernel
    broken = kernel != null &&
-      (builtins.compareVersions kernel.version "4.2" == 1 ||
-       (kernel.features.grsecurity or false));
+      (builtins.compareVersions kernel.version "4.2" == 1);
  };
 }
--- a/pkgs/os-specific/linux/batman-adv/default.nix
+++ b/pkgs/os-specific/linux/batman-adv/default.nix
@ -26,6 +26,5 @@ stdenv.mkDerivation rec {
    license = stdenv.lib.licenses.gpl2;
    maintainers = with stdenv.lib.maintainers; [ viric fpletz ];
    platforms = with stdenv.lib.platforms; linux;
-    broken = (kernel.features.grsecurity or false);
  };
 }
--- a/pkgs/os-specific/linux/kernel-headers/default.nix
+++ b/pkgs/os-specific/linux/kernel-headers/default.nix
@ -1,7 +1,5 @@
 { stdenv, kernel, perl }:

-assert (!(kernel.features.grsecurity or false));
-
 let
  baseBuildFlags = [ "INSTALL_HDR_PATH=$(out)" "headers_install" ];
 in stdenv.mkDerivation {
--- a/pkgs/os-specific/linux/lttng-modules/default.nix
+++ b/pkgs/os-specific/linux/lttng-modules/default.nix
@ -31,7 +31,6 @@ stdenv.mkDerivation rec {
    maintainers = [ maintainers.bjornfor ];
    broken =
      (builtins.compareVersions kernel.version "3.18" == -1) ||
-      (kernel.features.grsecurity or false) ||
      (kernel.features.chromiumos or false);
  };

--- a/pkgs/os-specific/linux/rtl8723bs/default.nix
+++ b/pkgs/os-specific/linux/rtl8723bs/default.nix
@ -35,8 +35,7 @@ stdenv.mkDerivation rec {
    homepage = "https://github.com/hadess/rtl8723bs";
    license = stdenv.lib.licenses.gpl2;
    platforms = stdenv.lib.platforms.linux;
-    broken = (! versionAtLeast kernel.version "3.19")
-      || (kernel.features.grsecurity or false);
+    broken = (! versionAtLeast kernel.version "3.19");
    maintainers = with maintainers; [ elitak ];
  };
 }
--- a/pkgs/os-specific/linux/rtl8812au/default.nix
+++ b/pkgs/os-specific/linux/rtl8812au/default.nix
@ -31,6 +31,5 @@ stdenv.mkDerivation rec {
    homepage = "https://github.com/Grawp/rtl8812au_rtl8821au";
    license = stdenv.lib.licenses.gpl2;
    platforms = [ "x86_64-linux" "i686-linux" ];
-    broken = (kernel.features.grsecurity or false);
  };
 }
--- a/pkgs/servers/openafs-client/default.nix
+++ b/pkgs/servers/openafs-client/default.nix
@ -48,7 +48,6 @@ stdenv.mkDerivation rec {
    maintainers = [ maintainers.z77z ];
    broken =
      (builtins.compareVersions kernel.version  "3.18" == -1) ||
-      (builtins.compareVersions kernel.version "4.4" != -1) ||
-      (kernel.features.grsecurity or false);
+      (builtins.compareVersions kernel.version "4.4" != -1);
  };
 }