From 5cb2cee954342d9ddd67a82e3226f5d1a3207ce6 Mon Sep 17 00:00:00 2001
From: Joachim Fasting <joachifm@fastmail.fm>
Date: Sat, 28 Mar 2015 22:47:01 +0100
Subject: [PATCH] nixos: condition sysctl.kptr_restrict on features.grsecurity

Conditioning `sysctl.kptr_restrict` on `features.grsecurity` supports
any grsecurity enabled kernel without having to enable the grsecurity
module.
---
 nixos/modules/config/sysctl.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/config/sysctl.nix b/nixos/modules/config/sysctl.nix
index 3b6ccd380c75..e83562a8356e 100644
--- a/nixos/modules/config/sysctl.nix
+++ b/nixos/modules/config/sysctl.nix
@@ -64,6 +64,6 @@ in
     #
     # Removed under grsecurity.
     boot.kernel.sysctl."kernel.kptr_restrict" =
-      if config.security.grsecurity.enable then null else 1;
+      if (config.boot.kernelPackages.kernel.features.grsecurity or false) then null else 1;
   };
 }