alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

Revert "Revert "Revert "linux-hardened: Disable GCC_PLUGIN_RANDSTRUCT"""

Browse source 
The issue with out-of-tree modules has been addressed and the feature
should now be good to re-enable again.

This reverts commit 865f7a14b4.
This commit is contained in:
Pierre Bourdon 2019-01-08 12:15:05 +01:00
parent 1b9bf8fa75
commit b26c824da3
No known key found for this signature in database
GPG key ID: 6FB80DCD84DA0F1C
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
pkgs/os-specific/linux/kernel/hardened-config.nix
View file

@ -125,6 +125,11 @@ ${optionalString (versionAtLeast version "4.20") ''
GCC_PLUGIN_STACKLEAK y # A port of the PaX stackleak plugin
''}
${optionalString (versionAtLeast version "4.13") ''
GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin
GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y
''}
# Disable various dangerous settings
ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory
PROC_KCORE n # Exposes kernel text image layout