linux: disable KUnit (#247826)

author: Yureka <yuka@yuka.dev> 2023-08-09 09:54:07 +0200
committer: GitHub <noreply@github.com> 2023-08-09 09:54:07 +0200
commit: 80be2b22b0b604902f2e36e7b216b39103662f09 (patch)
tree: 958555d68e3af30bdcb18a1a9cfce180601989d7 /pkgs/os-specific/linux/kernel/common-config.nix
parent: 0a139cd67d80efaec5b0d0c9ba1103ce4e076e34 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix
index 3240fe93de199..caa788a92c411 100644
--- a/pkgs/os-specific/linux/kernel/common-config.nix
+++ b/pkgs/os-specific/linux/kernel/common-config.nix
@@ -1034,6 +1034,10 @@ let
 
       # Fresh toolchains frequently break -Werror build for minor issues.
       WERROR = whenAtLeast "5.15" no;
+
+      # > CONFIG_KUNIT should not be enabled in a production environment. Enabling KUnit disables Kernel Address-Space Layout Randomization (KASLR), and tests may affect the state of the kernel in ways not suitable for production.
+      # https://www.kernel.org/doc/html/latest/dev-tools/kunit/start.html
+      KUNIT = no;
     } // optionalAttrs (stdenv.hostPlatform.system == "x86_64-linux" || stdenv.hostPlatform.system == "aarch64-linux") {
       # Enable CPU/memory hotplug support
       # Allows you to dynamically add & remove CPUs/memory to a VM client running NixOS without requiring a reboot
author	Yureka <yuka@yuka.dev>	2023-08-09 09:54:07 +0200
committer	GitHub <noreply@github.com>	2023-08-09 09:54:07 +0200
commit	80be2b22b0b604902f2e36e7b216b39103662f09 (patch)
tree	958555d68e3af30bdcb18a1a9cfce180601989d7 /pkgs/os-specific/linux/kernel/common-config.nix
parent	0a139cd67d80efaec5b0d0c9ba1103ce4e076e34 (diff)