grsecurity: enable support for setting pax flags via xattrs

While useless for binaries within the Nix store, user xattrs are a convenient alternative for setting PaX flags to executables outside of the store. To use disable secure memory protections for a non-store file foo, do $ setfattr -n user.pax.flags -v em foo
NixOS · Jul 20, 2016 · c93ffb9 · c93ffb9
1 parent 3393230
commit c93ffb9
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix b/pkgs/os-specific/linux/kernel/grsecurity-nixos-config.nix
@@ -14,7 +14,7 @@ GRKERNSEC_CONFIG_VIRT_KVM y
 GRKERNSEC_CONFIG_PRIORITY_SECURITY y
 
 PAX_PT_PAX_FLAGS y
-PAX_XATTR_PAX_FLAGS n
+PAX_XATTR_PAX_FLAGS y
 PAX_EI_PAX n
 
 GRKERNSEC_PROC_GID 0