diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix index f4af04247fe9..3bd58218c99d 100644 --- a/nixos/modules/security/grsecurity.nix +++ b/nixos/modules/security/grsecurity.nix @@ -6,12 +6,10 @@ let cfg = config.security.grsecurity; customGrsecPkg = - (import ../../../pkgs/build-support/grsecurity - { - inherit lib pkgs; - grsecOptions = cfg; - } - ).grsecPackage; + (import ../../../pkgs/build-support/grsecurity { + grsecOptions = cfg; + inherit pkgs lib; + }).grsecPackage; in { options = { @@ -36,14 +34,6 @@ in ''; }; - vserver = mkOption { - type = types.bool; - default = false; - description = '' - Enable the stable grsecurity/vserver patches, based on Linux 3.2. - ''; - }; - testing = mkOption { type = types.bool; default = false; @@ -246,9 +236,6 @@ in both. ''; } - { assertion = (cfg.testing -> !cfg.vserver); - message = "The vserver patches are only supported in the stable kernel."; - } { assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) || (cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc); message = "You cannot enable both restrictProc and restrictProcWithGroup"; diff --git a/pkgs/build-support/grsecurity/default.nix b/pkgs/build-support/grsecurity/default.nix index a9c60a2afbd0..e66b348d082a 100644 --- a/pkgs/build-support/grsecurity/default.nix +++ b/pkgs/build-support/grsecurity/default.nix @@ -5,7 +5,6 @@ with lib; let cfg = { stable = grsecOptions.stable or false; - vserver = grsecOptions.vserver or false; testing = grsecOptions.testing or false; config = { mode = "auto"; 
@@ -29,12 +28,11 @@ let }; test-patch = with pkgs.kernelPatches; grsecurity_unstable; - stable-patch = with pkgs.kernelPatches; - if cfg.vserver then grsecurity_vserver else grsecurity_stable; + stable-patch = with pkgs.kernelPatches; grsecurity_stable; - grKernel = if (cfg.stable || cfg.vserver) - then mkKernel pkgs.linux_3_2 stable-patch - else mkKernel pkgs.linux_3_14 test-patch; + grKernel = if cfg.stable + then mkKernel pkgs.linux_3_14 stable-patch + else mkKernel pkgs.linux_3_15 test-patch; ## -- grsecurity configuration --------------------------------------------- diff --git a/pkgs/build-support/grsecurity/flavors.nix b/pkgs/build-support/grsecurity/flavors.nix index 57d52e7cf943..969ca579f5a6 100644 --- a/pkgs/build-support/grsecurity/flavors.nix +++ b/pkgs/build-support/grsecurity/flavors.nix @@ -16,12 +16,6 @@ in linux_grsec_stable_server_xen = mkOpts "stable" "security" "server" "guest" "xen" true; - # Stable+vserver kernels - server versions only - linux_grsec_vserver_server = - mkOpts "vserver" "security" "server" "host" "kvm" true; - linux_grsec_vserver_server_xen = - mkOpts "vserver" "security" "server" "guest" "xen" true; - # Testing kernels linux_grsec_testing_desktop = mkOpts "testing" "performance" "desktop" "host" "kvm" true; @@ -29,4 +23,4 @@ in mkOpts "testing" "security" "server" "host" "kvm" true; linux_grsec_testing_server_xen = mkOpts "testing" "security" "server" "guest" "xen" true; -} \ No newline at end of file +} diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix index 9f62042d09c8..eb4d7a100be9 100644 --- a/pkgs/os-specific/linux/kernel/patches.nix +++ b/pkgs/os-specific/linux/kernel/patches.nix 
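Review bot: `grKernel = if cfg.stable then … else …` falls through to `grsecurity_unstable` on Linux 3.15 whenever `stable` is false, so a caller that still passes only `vserver = true` (which this commit stops reading from `grsecOptions`) now gets the test patch set with no error. For a hardening kernel the branch is better chosen explicitly: `else if cfg.testing then mkKernel pkgs.linux_3_15 test-patch` followed by `else throw "grsecurity: enable either stable or testing";`. The NixOS module has its own assertions, only partly visible in this diff, but the flavor attributes in all-packages.nix appear to reach this code without going through the module, so the check is worth having here as well. The enclosing `let` block starts and ends outside the hunk.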
@@ -60,24 +60,17 @@ rec { }; grsecurity_stable = grsecPatch - { kversion = "3.2.60"; - revision = "201406191345"; + { kversion = "3.14.8"; + revision = "201406222110"; branch = "stable"; - sha256 = "1zb2qxh2qhsrqi4gnslr3b6342ni9c6y20gb8jgh5plhnk5szx7v"; - }; - - grsecurity_vserver = grsecPatch - { kversion = "3.2.60"; - revision = "vs2.3.2.16-201406191346"; - branch = "vserver"; - sha256 = "0qlbqpnh5wkgk8phh67bl4a25rb8n1k1hlq0kmcrnz6c3kflrsdz"; + sha256 = "0jar710hqpjkp4g3ldrbcpgc170v9qp8ykajq5fi8mxx4j54gjwa"; }; grsecurity_unstable = grsecPatch - { kversion = "3.14.8"; - revision = "201406191347"; + { kversion = "3.15.1"; + revision = "201406222112"; branch = "test"; - sha256 = "01kl89vhr3mrp7g4ypcf9xrv0i4f9d4sdq4a11qhwyf1w48qr7da"; + sha256 = "04sbpmzgfgn7hjiln9baynpgr7k67lm0b5wn2z8i2jsjigfmv0r4"; }; grsec_fix_path = diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix index 782443c13b62..a50cf7d92a00 100644 --- a/pkgs/top-level/all-packages.nix +++ b/pkgs/top-level/all-packages.nix @@ -7285,10 +7285,6 @@ let linux_grsec_stable_server = grKernel grFlavors.linux_grsec_stable_server; linux_grsec_stable_server_xen = grKernel grFlavors.linux_grsec_stable_server_xen; - # Stable+vserver kernels - server versions only - #linux_grsec_vserver_server = grKernel grFlavors.linux_grsec_vserver_server; - #linux_grsec_vserver_server_xen = grKernel grFlavors.linux_grsec_vserver_server_xen; - # Testing kernels linux_grsec_testing_desktop = grKernel grFlavors.linux_grsec_testing_desktop; linux_grsec_testing_server = grKernel grFlavors.linux_grsec_testing_server; 
@@ -7408,10 +7404,6 @@ let linuxPackages_grsec_stable_server = grPackage grFlavors.linux_grsec_stable_server; linuxPackages_grsec_stable_server_xen = grPackage grFlavors.linux_grsec_stable_server_xen; - # Stable+vserver kernels - server versions only - #linuxPackages_grsec_vserver_server = grPackage grFlavors.linux_grsec_vserver_server; - #linuxPackages_grsec_vserver_server_xen = grPackage grFlavors.linux_grsec_vserver_server_xen; - # Testing kernels linuxPackages_grsec_testing_desktop = grPackage grFlavors.linux_grsec_testing_desktop; linuxPackages_grsec_testing_server = grPackage grFlavors.linux_grsec_testing_server;