Joachim Fasting
d4d7bfe07b
grsecurity: add option to disable chroot caps restriction
The chroot caps restriction disallows chroot'ed processes from running
any command that requires `CAP_SYS_ADMIN`, breaking `nixos-rebuild`. See
e.g., https://github.com/NixOS/nixpkgs/issues/15293
This significantly weakens chroot protections, but to break
nixos-rebuild out of the box is too severe.
2016-05-10 16:17:08 +02:00
Joachim Fasting
50d915c758
grsecurity: optionally disable features for redistributed kernels
2016-05-06 16:37:25 +02:00
Joachim Fasting
da767356f2
grsecurity: support disabling TCP simultaneous connect
Defaults to OFF because disabling TCP simultaneous connect breaks some
legitimate use cases, notably WebRTC [1], but it's nice to provide the
option for deployments where those features are unneeded anyway.
This is an alternative to https://github.com/NixOS/nixpkgs/pull/4937
[1]: http://article.gmane.org/gmane.linux.documentation/9425
2016-05-04 03:53:24 +02:00
Joachim Fasting
39db90eaf6
grsecurity: simplify preConfigure
2016-05-02 11:28:06 +02:00
Joachim Fasting
a69501a936
grsecurity: ensure that PaX ELF markings are enabled
The upstream default is to enable only xattr markings, breaking the
paxmarks facility.
2016-05-02 11:28:06 +02:00
Joachim Fasting
27035365ec
build-support/grsecurity: simplify the grsecurityOverrider
Adding inputs required by gcc plugins to the ambient environment is sufficient.
2016-04-12 01:23:32 +02:00
Domen Kožar
b07e7bfc7b
Merge remote-tracking branch 'origin/staging'
2016-03-27 13:19:04 +01:00
Joachim Fasting
304c4a514e
grsecurity: fix gcc plugin
Also needs mpfr and libmpc
2016-03-26 21:01:21 +01:00
tg(x)
38614d3f6a
grsecurity: use kernel version instead of testing / stable
2016-02-28 04:10:59 +01:00
tg(x)
4e3d6d3e90
grsecurity: separate fix patches for testing & stable
2016-02-27 19:54:55 +01:00
tg(x)
7547960546
grsecurity: move version information to one place
2016-02-27 18:36:12 +01:00
tg(x)
d95321b83e
grsecurity: 4.3.4 -> 4.4.2
2016-02-27 18:36:12 +01:00
Dan Peebles
8f9aea9ccc
grsecurity: fix kernel config and uncomment grsecurity kernels
2016-01-23 16:58:44 +00:00
Dan Peebles
33cf0792b1
grsecurity-testing: update patches and associated kernel version
2016-01-23 14:29:34 +00:00
Eelco Dolstra
16acdb45bd
Revert "kernel: Remove unsupported 3.10, 3.12, 3.14"
This reverts commit 2441e002e26d60e62306ae03a2c0d42fe156f129. The
motivation for removing them was not very convincing. Also, we need
3.14 on some Hydra build machines.
2015-11-19 14:25:16 +01:00
William A. Kennington III
2441e002e2
kernel: Remove unsupported 3.10, 3.12, 3.14
Our base kernel headers were bumped to 3.18 so we can no longer reliably
support kernels older than 3.18
2015-11-09 11:10:42 -08:00
William A. Kennington III
194357ad20
grsecurityUnstable: 4.1.7 -> 4.2.3
2015-10-15 10:41:04 -07:00
Vladimír Čunát
54c4aab662
nixos: kill services.virtualboxGuest to fix #9600
2015-09-02 04:54:31 +02:00
William A. Kennington III
a5d6e61c2f
grsecurity: Push testing from 4.0 -> 4.1
2015-08-04 13:28:16 -07:00
William A. Kennington III
0e4057b167
kernel: 4.0.1 -> 4.0.2
2015-05-07 20:32:24 -07:00
Joachim Fasting
ba93a75724
grsecurity module: use types.enum
Also
- set desktop as default system
- make virtualisationSoftware nullOr
- make virtualisationConfig nullOr
2015-04-03 13:45:45 +02:00
Ricardo M. Correia
7c8247a8c5
grsecurity: Update stable and test patches
stable: 3.1-3.14.35-201503071140 -> 3.1-3.14.35-201503092203
test: 3.1-3.18.9-201503071142 -> 3.1-3.19.1-201503122205
2015-03-15 03:49:58 +01:00
Peter Simons
cfce8509b8
grsecurity: add GRKERNSEC_DENYUSB option (disabled by default)
This option tells the kernel to ignore plug-in events of USB devices. Useful to
protect against attacks with malicious hardware. Currently disabled by default,
though.
2015-01-19 00:15:41 +03:00
Ricardo M. Correia
1d44322d53
grsecurity: Update stable and test patches
stable: 3.0-3.14.27-201412211908 -> 3.0-3.14.27-201412280859
test: 3.0-3.17.7-201412211910 -> 3.0-3.18.1-201412281149
2014-12-29 03:00:47 +01:00
aszlig
444987193e
nixos: Rename virtualbox to virtualboxGuest.
Especially new users could be confused by this, so we're now marking
services.virtualbox.enable as obsolete and defaulting to
services.virtualboxGuest.enable instead. I believe this now makes it
clear that this option is for guest additions only.
Signed-off-by: aszlig <aszlig@redmoonstudios.org>
2014-11-27 18:42:22 +01:00
Alexander Kjeldaas
005bb796e6
Updated grsec.
2014-10-22 02:18:41 +02:00
Ricardo M. Correia
238a84ac78
grsecurity: Update stable and test patches
stable: 3.0-3.14.17-201408260041 -> 3.0-3.14.18-201409060013
test: 3.0-3.15.10-201408212335 -> 3.0-3.16.2-201409060014
2014-09-08 15:16:38 +02:00
Austin Seipp
0399c5ee24
grsecurity: update stable/testing kernels, refactoring
This updates the new stable kernel to 3.14, and the new testing kernel
to 3.15.
This also removes the vserver kernel, since it's probably not nearly as
used.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-06-22 22:29:10 -05:00
Austin Seipp
85b5dc3949
grsec: Fix vserver/stable packaging
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 16:37:22 -05:00
Austin Seipp
4f27ad14a1
grsec: refactor grsecurity packages
This now provides a handful of different grsecurity kernels for slightly
different 'flavors' of packages. This doesn't change the grsecurity
module to use them just yet, however.
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:43 -05:00