The plan is to fix mounting DFS shares on NixOS (for which some of these
options are needed), but I figured it might be a good idea to enable all
CONFIG_CIFS_* like Fedora 24 and Ubuntu 16.04 while at it. Ubuntu even
has CONFIG_CIFS_SMB311, but as Fedora does not, I left it out.
Mounting DFS shares still doesn't work; need to configure cifs.upcall
and /etc/request-key.conf. Until then, using GVFS as a workaround.
Fixes this ./configure symptom:

  configure: WARNING: talloc.h not found, consider installing libtalloc-devel. Disabling cifs.upcall.

and is needed to (eventually) fix CIFS + DFS kernel mount on NixOS.
Build fails across all our kernels. There is a new version 1.60, but
it, too, fails to build. Until somebody comes along to patch around it,
we might as well mark this as broken.
Fairly severe, but can be disabled at bootup via
grsec_sysfs_restrict=0. For the NixOS module we ensure that it is
disabled, for systemd compatibility.
Copied from linux_4_4 (except for the EFI stub thing).
Otherwise the firewall module fails to evaluate:

  Failed assertions:
  - This kernel does not support rpfilter
The `groups.1.gz` collides with one from coreutils. The code to fix this
was already present in the expression, but wrongly assumes that the
share/man/man1 directory will be copied to the `man` output after
`installPhase`.
It turned out that the man directory is set at the configure step, so we
should remove the file from the `man` output.
This reverts commit 5d804566df.
This was an error on my part. I had the commit sitting on my local master
and pulled upstream to rebase my commit before pushing. I didn't notice
there was a commit bumping lxc and the auto-merge on the rebase.
This reverts commit fdbf7dc8b3.
Unfortunately, while gradm now works when the RBAC system is enabled,
gradm still fails when full system learning is enabled, so I probably
need to try again later.
The built-in ACL prevents the gradm binary from loading dynamic
libraries from the Nix store. Thus, once the RBAC system is activated,
the gradm binary cannot be used.
Fix by patching in rules to allow references to the Nix store where
appropriate.