1
0
Fork 1
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 14:11:36 +00:00

hardened-config: ensure STRICT_KERNEL_RWX

This is y in the default config, but enable it explicitly here to catch
situations where it has been disabled (explicitly or implicitly).
This commit is contained in:
Joachim Fasting 2019-01-05 13:43:42 +01:00
parent 1801aad7b8
commit dfd77a046d
No known key found for this signature in database
GPG key ID: 5C204DF675C90294

View file

@ -66,6 +66,9 @@ ${optionalString (versionAtLeast version "4.12") ''
''}
DEBUG_WX y # boot-time warning on RWX mappings
${optionalString (versionAtLeast version "4.11") ''
STRICT_KERNEL_RWX y
''}
# Stricter /dev/mem
STRICT_DEVMEM? y