forked from mirrors/nixpkgs
e99228db30
Previously, we would only set a default value, on the theory that `boot.kernelPackages` could be used to sanely configure a custom grsec kernel. Regrettably, this is not the case and users who expect e.g., `boot.kernelPackages = pkgs.linuxPackages_latest` to work will end up with a non-grsec kernel (this problem has come up twice on the bug tracker recently). With this patch, `security.grsecurity.enable = true` implies `boot.kernelPackages = linuxPackages_grsec_nixos` and any customization must be done via package override or by eschewing the module. |
||
---|---|---|
.. | ||
acme.nix | ||
acme.xml | ||
apparmor-suid.nix | ||
apparmor.nix | ||
audit.nix | ||
ca.nix | ||
chromium-suid-sandbox.nix | ||
duosec.nix | ||
grsecurity.nix | ||
grsecurity.xml | ||
hidepid.nix | ||
hidepid.xml | ||
oath.nix | ||
pam.nix | ||
pam_mount.nix | ||
pam_usb.nix | ||
polkit.nix | ||
prey.nix | ||
rngd.nix | ||
rtkit.nix | ||
setuid-wrapper.c | ||
setuid-wrappers.nix | ||
sudo.nix |