···
machine = { config, pkgs, ... }:
{ security.grsecurity.enable = true;
11
+
boot.kernel.sysctl."kernel.grsecurity.audit_mount" = 0;
boot.kernel.sysctl."kernel.grsecurity.deter_bruteforce" = 0;
13
+
networking.useDHCP = false;
···
# TODO: running paxtest blackhat hangs the vm
23
-
$machine->succeed("${pkgs.paxtest}/lib/paxtest/anonmap") =~ /Killed/ or die;
24
-
$machine->succeed("${pkgs.paxtest}/lib/paxtest/execbss") =~ /Killed/ or die;
25
-
$machine->succeed("${pkgs.paxtest}/lib/paxtest/execdata") =~ /Killed/ or die;
26
-
$machine->succeed("${pkgs.paxtest}/lib/paxtest/execheap") =~ /Killed/ or die;
27
-
$machine->succeed("${pkgs.paxtest}/lib/paxtest/execstack") =~ /Killed/ or die;
28
-
$machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotanon") =~ /Killed/ or die;
29
-
$machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotbss") =~ /Killed/ or die;
30
-
$machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotdata") =~ /Killed/ or die;
31
-
$machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotheap") =~ /Killed/ or die;
32
-
$machine->succeed("${pkgs.paxtest}/lib/paxtest/mprotstack") =~ /Killed/ or die;
25
+
my @pax_mustkill = (
26
+
"anonmap", "execbss", "execdata", "execheap", "execstack",
27
+
"mprotanon", "mprotbss", "mprotdata", "mprotheap", "mprotstack",
29
+
foreach my $name (@pax_mustkill) {
30
+
my $paxtest = "${pkgs.paxtest}/lib/paxtest/" . $name;
31
+
$machine->succeed($paxtest) =~ /Killed/ or die
# tcc -run executes run-time generated code and so allows us to test whether
pyrox.dev