[Nix-dev] grsecurity on Nix

Matthew Robbetts wingfeathera at gmail.com
Mon Aug 1 22:03:03 CEST 2016


Hi zimbatm,


> On Aug 1, 2016, at 12:57 PM, zimbatm <zimbatm at zimbatm.com> wrote:
> 
> Yeah the wiki is definitely outdated, it's been in read-only mode for a while now.

Ah, that’s good to know, thanks. In that case, would you recommend I just use the config options detailed in the grsecurity module for configuration? Is that module “ready to go”?


> If you like security check out also https://github.com/NixOS/nixpkgs/pull/12895

I did see that issue on GitHub, yeah. I’ve been trying to work out if I can use it (and also how!). Would it be as simple as checking out that branch of nixpkgs in my local repo and hitting nixos-rebuild switch? That sounds far too easy...


Thanks!
Matt


> Cheers,
> z
> 
> On Mon, 1 Aug 2016 at 20:51 Matthew Robbetts <wingfeathera at gmail.com> wrote:
> Hi Nixers,
> 
> I’m interested in setting up grsecurity/PaX protections on my nix machine. My googling led me quickly to:
> https://nixos.org/wiki/Hardened_NixOS
> 
> which makes perfect sense. I’m coming from Gentoo anyway, and the Hardened project there is familiar to me. The instructions there (basically add kernel options) have also worked just fine (at least, they have affected the outcome from running paxtest).
> 
> However, I then noticed the existence of nixos/modules/security/grsecurity.nix, which appears to me to automate some of this, but is not mentioned at all on the wiki. Is this module the preferred way to enable grsecurity, and the wiki just needs updating?
> 
> 
> Ta,
> Matt
