linux_*_hardened: don't set RANDOMIZE_{BASE,MEMORY}

These are on by default for x86 in upstream linux-5.6.2, and turned on for arm64 by anthraxx/linux-hardened@90f9670bc3696f564ac2e874a2b80046b90ea49f.
author: Emily <vcs@emily.moe> 2020-04-04 22:57:15 +0100
committer: Emily <vcs@emily.moe> 2020-04-17 16:13:39 +0100
commit: 130f6812be4a3ea5ea7ed5403f1741bf8ffe1e19 (patch)
tree: f695096c770954ab010b26dbb5ef588d103d5083 /pkgs/os-specific
parent: 8c68055432d501d604e906dfca242eed60c48e35 (diff)
1 files changed, 0 insertions, 4 deletions
diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index 75cfd68ef0d38..50bc120ff0fd7 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -17,10 +17,6 @@ with (stdenv.lib.kernel.whenHelpers version);
 assert (versionAtLeast version "4.9");
 
 optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") {
-  # Randomize position of kernel and memory.
-  RANDOMIZE_BASE   = yes;
-  RANDOMIZE_MEMORY = yes;
-
   # Disable legacy virtual syscalls by default (modern glibc use vDSO instead).
   #
   # Note that the vanilla default is to *emulate* the legacy vsyscall mechanism,
author	Emily <vcs@emily.moe>	2020-04-04 22:57:15 +0100
committer	Emily <vcs@emily.moe>	2020-04-17 16:13:39 +0100
commit	130f6812be4a3ea5ea7ed5403f1741bf8ffe1e19 (patch)
tree	f695096c770954ab010b26dbb5ef588d103d5083 /pkgs/os-specific
parent	8c68055432d501d604e906dfca242eed60c48e35 (diff)