[Nix-dev] grsecurity on Nix

Matthew Robbetts wingfeathera at gmail.com
Mon Aug 1 21:51:14 CEST 2016


Hi Nixers,

I’m interested in setting up grsecurity/PaX protections on my nix machine. My googling led me quickly to:
https://nixos.org/wiki/Hardened_NixOS <https://nixos.org/wiki/Hardened_NixOS>

which makes perfect sense. I’m coming from Gentoo anyway, and the Hardened project there is familiar to me. The instructions there (basically add kernel options) have also worked just fine (at least, they have affected the outcome from running paxtest).

However, I then noticed the existence of nixos/modules/security/grsecurity.nix, which appears to me to automate some of this, but is not mentioned at all on the wiki. Is this module the preferred way to enable grsecurity, and the wiki just needs updating?


Ta,
Matt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.science.uu.nl/pipermail/nix-dev/attachments/20160801/1e23f304/attachment.html>


More information about the nix-dev mailing list