grsecurity: enable support for setting pax flags via xattrs

While useless for binaries within the Nix store, user xattrs are a convenient alternative for setting PaX flags to executables outside of the store. To use disable secure memory protections for a non-store file foo, do $ setfattr -n user.pax.flags -v em foo
author: Joachim Fasting <joachifm@fastmail.fm> 2016-07-16 16:58:15 +0200
committer: Joachim Fasting <joachifm@fastmail.fm> 2016-07-20 10:17:11 +0200
commit: c93ffb95bcebd6b64713df8dc07b0c77c9bb858e (patch)
tree: 89df37b96af0cca6cec3530faf39b46f5bc3abae /pkgs
parent: 33932304e11ddb2dad4ca9ffb6d1f0d7950a81b4 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
index 894f2d8e3641b..67bad8aeb4015 100644
--- a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
+++ b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
@@ -14,7 +14,7 @@ GRKERNSEC_CONFIG_VIRT_KVM y
 GRKERNSEC_CONFIG_PRIORITY_SECURITY y
 
 PAX_PT_PAX_FLAGS y
-PAX_XATTR_PAX_FLAGS n
+PAX_XATTR_PAX_FLAGS y
 PAX_EI_PAX n
 
 GRKERNSEC_PROC_GID 0
author	Joachim Fasting <joachifm@fastmail.fm>	2016-07-16 16:58:15 +0200
committer	Joachim Fasting <joachifm@fastmail.fm>	2016-07-20 10:17:11 +0200
commit	c93ffb95bcebd6b64713df8dc07b0c77c9bb858e (patch)
tree	89df37b96af0cca6cec3530faf39b46f5bc3abae /pkgs
parent	33932304e11ddb2dad4ca9ffb6d1f0d7950a81b4 (diff)