nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-02-17 01:24:47 +00:00
Code Issues Packages Projects Releases Wiki Activity

grsecurity: add GRKERNSEC_DENYUSB option (disabled by default)

Browse Source 
This option tells the kernel to ignore plug-in events of USB devices. Useful to
protect against attacks with malicious hardware. Currently disabled by default,
though.
This commit is contained in:
Peter Simons 2014-11-11 13:29:42 +01:00 committed by Michael Raskin
parent 47f0784985
commit cfce8509b8
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkgs/build-support/grsecurity/default.nix
View File

@ -10,6 +10,7 @@ let
mode = "auto"; mode = "auto";
sysctl = false; sysctl = false;
denyChrootChmod = false; denyChrootChmod = false;
denyUSB = false;
restrictProc = false; restrictProc = false;
restrictProcWithGroup = true; restrictProcWithGroup = true;
unrestrictProcGid = 121; # Ugh, an awful hack. See grsecurity NixOS gid unrestrictProcGid = 121; # Ugh, an awful hack. See grsecurity NixOS gid
@ -106,6 +107,7 @@ let
GRKERNSEC_SYSCTL ${boolToKernOpt cfg.config.sysctl} GRKERNSEC_SYSCTL ${boolToKernOpt cfg.config.sysctl}
GRKERNSEC_CHROOT_CHMOD ${boolToKernOpt cfg.config.denyChrootChmod} GRKERNSEC_CHROOT_CHMOD ${boolToKernOpt cfg.config.denyChrootChmod}
GRKERNSEC_DENYUSB ${boolToKernOpt cfg.config.denyUSB}
GRKERNSEC_NO_RBAC ${boolToKernOpt cfg.config.disableRBAC} GRKERNSEC_NO_RBAC ${boolToKernOpt cfg.config.disableRBAC}
${restrictLinks} ${restrictLinks}