ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-11-15 13:37:21 +03:00
Code Issues Projects Releases Wiki Activity

kernel: set virtualization options regardless of grsec

Browse Source 
Per my own testing, the NixOS grsecurity kernel works both as a
KVM-based virtualisation host and guest; there appears to be no good
reason to making these conditional on `features.grsecurity`.

More generally, it's unclear what `features.grsecurity` *means*. If
someone configures a grsecurity kernel in such a fashion that it breaks
KVM support, they should know to disable KVM themselves.
This commit is contained in:
Joachim Fasting 2016-05-17 05:20:48 +02:00
parent d8e4432fe2
commit 4ae5eb97f1
No known key found for this signature in database
GPG Key ID: 4330820E1E04DCF4
1 changed files with 6 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkgs/os-specific/linux/kernel/common-config.nix
View File

@ -420,13 +420,11 @@ with stdenv.lib;
# Virtualisation. # Virtualisation.
PARAVIRT? y PARAVIRT? y
${optionalString (!(features.grsecurity or false)) ${if versionAtLeast version "3.10" then ''
(if versionAtLeast version "3.10" then ''
HYPERVISOR_GUEST y HYPERVISOR_GUEST y
'' else '' '' else ''
PARAVIRT_GUEST? y PARAVIRT_GUEST? y
'') ''}
}
KVM_APIC_ARCHITECTURE y KVM_APIC_ARCHITECTURE y
KVM_ASYNC_PF y KVM_ASYNC_PF y
${optionalString (versionOlder version "3.7") '' ${optionalString (versionOlder version "3.7") ''
@ -441,9 +439,7 @@ with stdenv.lib;
${optionalString (versionAtLeast version "4.0") '' ${optionalString (versionAtLeast version "4.0") ''
KVM_GENERIC_DIRTYLOG_READ_PROTECT y KVM_GENERIC_DIRTYLOG_READ_PROTECT y
''} ''}
${optionalString (!features.grsecurity or true) ''
KVM_GUEST y KVM_GUEST y
''}
KVM_MMIO y KVM_MMIO y
${optionalString (versionAtLeast version "3.13") '' ${optionalString (versionAtLeast version "3.13") ''
KVM_VFIO y KVM_VFIO y