From 928fdab4a100be81739592d115ff7fc734fae3ca Mon Sep 17 00:00:00 2001 From: Izorkin Date: Thu, 5 Dec 2019 11:20:07 +0300 Subject: [PATCH] linux: add in kernel 5.4 lockdown feature --- pkgs/os-specific/linux/kernel/common-config.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index ff3e4fb25623..8158865ab299 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -363,6 +363,7 @@ let SECURITY_APPARMOR = yes; DEFAULT_SECURITY_APPARMOR = yes; + SECURITY_LOCKDOWN_LSM = whenAtLeast "5.4" yes; } // optionalAttrs (!stdenv.hostPlatform.isAarch32) { # Detect buffer overflows on the stack