nixos/virtualbox: Disable hardening for now.

This should display a big fat warning that people can hardly miss until we have fixed the issues with the host-only-interfaces that persist when hardining is enabled. Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-12-15 18:50:55 +01:00 · 2014-12-15 18:50:55 +01:00 · 5d67b17901
parent d9ce3ae57f
commit 5d67b17901
1 changed files with 8 additions and 1 deletions
--- a/nixos/modules/programs/virtualbox-host.nix
+++ b/nixos/modules/programs/virtualbox-host.nix
@ -35,7 +35,7 @@ in

    enableHardening = mkOption {
      type = types.bool;
-      default = true;
+      default = false;
      description = ''
        Enable hardened VirtualBox, which ensures that only the binaries in the
        system path get access to the devices exposed by the kernel modules
@ -54,6 +54,13 @@ in
    boot.extraModulePackages = [ virtualbox ];
    environment.systemPackages = [ virtualbox ];

+    warnings = singleton (
+      "Hardening is currently disabled for VirtualBox, because of some " +
+      "issues in conjunction with host-only-interfaces. If you don't use " +
+      "hostonlyifs, it's strongly recommended to set " +
+      "`services.virtualboxHost.enableHardening = true'!"
+    );
+
    security.setuidOwners = let
      mkVboxStub = program: {
        inherit program;