kernel/hardened-config.nix: re-enable GCC plugins

2025-01-18 19:03:28 +00:00 · 2019-01-04 02:07:53 +01:00 · 2019-01-04 02:07:53 +01:00 · 9dc0d94896
commit 9dc0d94896
parent c789f642f0
1 changed files with 8 additions and 10 deletions
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@ -103,17 +103,15 @@ PAGE_POISONING_ZERO y
 PANIC_ON_OOPS y
 PANIC_TIMEOUT -1

-${optionalString (versionOlder version "4.18") ''
-  GCC_PLUGINS y # Enable gcc plugin options
-  # Gather additional entropy at boot time for systems that may not have appropriate entropy sources.
-  GCC_PLUGIN_LATENT_ENTROPY y
+GCC_PLUGINS y # Enable gcc plugin options
+# Gather additional entropy at boot time for systems that may not have appropriate entropy sources.
+GCC_PLUGIN_LATENT_ENTROPY y

-  ${optionalString (versionAtLeast version "4.11") ''
-    GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
-  ''}
-  ${optionalString (versionAtLeast version "4.14") ''
-    GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
-  ''}
+${optionalString (versionAtLeast version "4.11") ''
+  GCC_PLUGIN_STRUCTLEAK y # A port of the PaX structleak plugin
+''}
+${optionalString (versionAtLeast version "4.14") ''
+  GCC_PLUGIN_STRUCTLEAK_BYREF_ALL y # Also cover structs passed by address
 ''}

 # Disable various dangerous settings