NixOS Hardening: Difference between revisions

Railwhale (talk | contribs)
add see also
Golbinex (talk | contribs)
linux-hardened: Update to 6.18
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== Kernel ==
== Kernel ==
=== linux-hardened ===
=== linux-hardened ===
[https://github.com/anthraxx/linux-hardened linux-hardened] is a Linux kernel with additional hardening patches applied. You can check for latest releases [https://github.com/anthraxx/linux-hardened/releases here].
[https://github.com/anthraxx/linux-hardened linux-hardened] is a Linux kernel with additional hardening patches applied. You can build it from source, but you have to keep the kernel up to date for receiving security patches. You can check for latest releases [https://github.com/anthraxx/linux-hardened/releases here].


<syntaxhighlight lang="nix">
<syntaxhighlight lang="nix">
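Review bot: the sentence added in the new revision needs a grammar fix and a more concrete warning: "you have to keep the kernel up to date for receiving security patches" reads better as "you have to keep the kernel up to date yourself to receive security patches", and it should spell out what that means in this setup, namely bumping `version`, `hash` and `extraMeta.branch` in the override below every time a new linux-hardened tag is published, because nothing in the override tracks upstream releases automatically.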
Line 8: Line 8:


       buildLinux (args // rec {
       buildLinux (args // rec {
         version = "6.12.79-hardened1";
         version = "6.18.33-hardened1";
        hash = "sha256-TKrLHk4aB47vqehEdp5ks4WtMCq/XCDr9ro3eQOoPvE=";
          hash = "sha256-SlsOQjREc73E+90FiR+zrNELtUY9yZAT34vBr4Dt7h4=";
         extraMeta.branch = "6.12";
         extraMeta.branch = "6.18";


         modDirVersion = version;
         modDirVersion = version;
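Review bot: the bump from `6.12.79-hardened1` to `6.18.33-hardened1` changes the major series rather than just the patch level, so the page should say how the new `hash` was obtained: it must be the sha256 of the fetched source for exactly this tag, and a reader who copies a stale or mistyped value gets a Nix hash-mismatch abort that prints the correct hash, which is worth mentioning as the recovery step. Also the new `hash = "sha256-SlsOQjREc73E+90FiR+zrNELtUY9yZAT34vBr4Dt7h4=";` line is indented two spaces deeper than `version` and `extraMeta.branch`; align it with the surrounding attributes.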
Line 53: Line 53:
           # Enable gcc plugin options
           # Enable gcc plugin options
           GCC_PLUGINS = yes;
           GCC_PLUGINS = yes;
          #A port of the PaX stackleak plugin
          GCC_PLUGIN_STACKLEAK = yes;


           # Runtime undefined behaviour checks
           # Runtime undefined behaviour checks
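Review bot: `GCC_PLUGIN_STACKLEAK = yes;` is added in the same revision that moves the kernel to 6.18, so verify that this Kconfig symbol still exists in that series (the stackleak feature was renamed to KSTACK_ERASE in recent mainline kernels; check the 6.18 Kconfig before relying on the old name). This matters because the NixOS structured-config build aborts with an "unused option" error when the kernel does not recognise a symbol, unless the option is marked optional via `lib.kernel.option`, so a stale name would make the whole snippet unbuildable. Style: the comment should read `# A port of the PaX stackleak plugin` with a space after `#`, matching the other comments, and both added lines are indented one space less than the surrounding `GCC_PLUGINS = yes;`.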