linux_*_hardened: don't set X86_X32
As far as I can tell, this has never defaulted to on upstream, and our common kernel configuration doesn't turn it on, so the attack surface reduction here is somewhat homeopathic.
parent
0d4f35efd4
commit
7d5352df31
@ -19,8 +19,6 @@ assert (versionAtLeast version "4.9");
|
||||
optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") {
|
||||
DEFAULT_MMAP_MIN_ADDR = freeform "65536"; # Prevent allocation of first 64K of memory
|
||||
|
||||
# Reduce attack surface by disabling X32
|
||||
X86_X32 = no;
|
||||
# Note: this config depends on EXPERT y and so will not take effect, hence
|
||||
# it is left "optional" for now.
|
||||
MODIFY_LDT_SYSCALL = option no;
|
||||
|