nixos: condition sysctl.kptr_restrict on features.grsecurity

Conditioning `sysctl.kptr_restrict` on `features.grsecurity` supports
any grsecurity enabled kernel without having to enable the grsecurity
module.
This commit is contained in:
Joachim Fasting 2015-03-28 22:47:01 +01:00
parent a00e19ceb9
commit 5cb2cee954

View File

@ -64,6 +64,6 @@ in
#
# Removed under grsecurity.
boot.kernel.sysctl."kernel.kptr_restrict" =
if config.security.grsecurity.enable then null else 1;
if (config.boot.kernelPackages.kernel.features.grsecurity or false) then null else 1;
};
}