grsecurity module: permit chmod +s in sandboxed builds

While useless, some builds may dabble with setuid bits (e.g.,
util-linux), which breaks under grsec.  In the interest of user
friendliness, we once again compromise by disabling an otherwise useful
feature ...

Closes https://github.com/NixOS/nixpkgs/issues/17501
Joachim Fasting 2016-08-15 19:55:12 +02:00
parent 9062c67914
commit 7fd99066c4
No known key found for this signature in database
GPG Key ID: 7544761007FE4E08

@ -119,6 +119,7 @@ in
"kernel.grsecurity.chroot_deny_chroot" = mkForce 0;
"kernel.grsecurity.chroot_deny_mount" = mkForce 0;
"kernel.grsecurity.chroot_deny_pivot" = mkForce 0;
"kernel.grsecurity.chroot_deny_chmod" = mkForce 0;
} // optionalAttrs containerSupportRequired {
# chroot(2) restrictions that conflict with NixOS lightweight containers
"kernel.grsecurity.chroot_deny_chmod" = mkForce 0;
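
Review bot: `"kernel.grsecurity.chroot_deny_chmod" = mkForce 0;` now appears twice in this hunk with the same value, once in the first attribute set beside the chroot_deny_chroot/mount/pivot entries and once inside the `optionalAttrs containerSupportRequired` set. Because `//` takes the right-hand value and both are 0, the entry in the container set no longer changes anything; drop it there, otherwise the comment above it still reads as if the sysctl were only relaxed for container support. The entry in the first set also carries no comment, unlike the container block, so nothing in the file records that a hardening sysctl is forced off for setuid bits in sandboxed builds (issue 17501 in the commit message); add a one-line comment next to it. The visible lines do not show whether the first set is conditional; if it is not, consider applying the override only when sandboxed builds are enabled so that other grsecurity systems keep the chmod restriction.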