pyrox.dev / nixpkgs
lol
fork atom

hardened-config: enable the randstruct plugin

Joachim Fasting 9a763f8f edd0d2f2

options
unified split
Changed files
+5
pkgs
os-specific
linux
kernel
hardened-config.nix
+5
pkgs/os-specific/linux/kernel/hardened-config.nix 
···

       
93

       
 

       
  GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin


     

       
94

       
 

       
''}


     

       
95

       
 

       



     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       

       

       
     

       
96

       
 

       
# Disable various dangerous settings


     

       
97

       
 

       
ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory


     

       
98

       
 

       
PROC_KCORE n # Exposes kernel text image layout


     
···

       
93

       
 

       
  GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin


     

       
94

       
 

       
''}


     

       
95

       
 

       



     

       
96

       
+

       
${optionalString (versionAtLeast version "4.13") ''


     

       
97

       
+

       
  GCC_PLUGIN_RANDSTRUCT y # A port of the PaX randstruct plugin


     

       
98

       
+

       
  GCC_PLUGIN_RANDSTRUCT_PERFORMANCE y


     

       
99

       
+

       
''}


     

       
100

       
+

       



     

       
101

       
 

       
# Disable various dangerous settings


     

       
102

       
 

       
ACPI_CUSTOM_METHOD n # Allows writing directly to physical memory


     

       
103

       
 

       
PROC_KCORE n # Exposes kernel text image layout