[Nix-dev] grsecurity on Nix

Matthew Robbetts wingfeathera at gmail.com
Tue Aug 2 06:48:41 CEST 2016


> On Aug 1, 2016, at 1:17 PM, Daniel Hlynskyi <abcz2.uprola at gmail.com> wrote:
> 
> Actually, there was a nice addition recently
> 
> https://nixos.org/releases/nixos/unstable/nixos-16.09pre87733.dbd856d/manual/index.html#sec-grsecurity
> 
> Just do
> security.grsecurity.enable = true;
> if you follow unstable

Huh! That was a much easier option.

Thanks guys!


> 2016-08-01 19:51 GMT+00:00 Matthew Robbetts <wingfeathera at gmail.com>:
> Hi Nixers,
> 
> I’m interested in setting up grsecurity/PaX protections on my nix machine. My googling led me quickly to:
> https://nixos.org/wiki/Hardened_NixOS
> 
> which makes perfect sense. I’m coming from Gentoo anyway, and the Hardened project there is familiar to me. The instructions there (basically add kernel options) have also worked just fine (at least, they have affected the outcome from running paxtest).
> 
> However, I then noticed the existence of nixos/modules/security/grsecurity.nix, which appears to me to automate some of this, but is not mentioned at all on the wiki. Is this module the preferred way to enable grsecurity, and the wiki just needs updating?
> 
> 
> Ta,
> Matt
> 
