pyrox.dev / nixpkgs
lol
fork atom

nixos: condition sysctl.kptr_restrict on features.grsecurity

Conditioning `sysctl.kptr_restrict` on `features.grsecurity` supports
any grsecurity enabled kernel without having to enable the grsecurity
module.

Joachim Fasting 5cb2cee9 a00e19ce

options
unified split
Changed files
+1 -1
nixos
modules
config
sysctl.nix
+1 -1
nixos/modules/config/sysctl.nix 
···

       
64

       
64

       
 

       
    #


     

       
65

       
65

       
 

       
    # Removed under grsecurity.


     

       
66

       
66

       
 

       
    boot.kernel.sysctl."kernel.kptr_restrict" =


     

       
67

       

       
-

       
      if config.security.grsecurity.enable then null else 1;


     

       

       
67

       
+

       
      if (config.boot.kernelPackages.kernel.features.grsecurity or false) then null else 1;


     

       
68

       
68

       
 

       
  };


     

       
69

       
69

       
 

       
}