NixOS Hardening: Difference between revisions

@@ Line 1: / Line 1: @@
 == Kernel ==
 === linux-hardened ===
-[https://github.com/anthraxx/linux-hardened linux-hardened] is a Linux kernel with additional hardening patches applied. You can build it from source, but you have too keep the kernel up to date. You can check for latest releases [https://github.com/anthraxx/linux-hardened/releases here].
+[https://github.com/anthraxx/linux-hardened linux-hardened] is a Linux kernel with additional hardening patches applied. You can build it from source, but you have to keep the kernel up to date for receiving security patches. You can check for latest releases [https://github.com/anthraxx/linux-hardened/releases here].
 <syntaxhighlight lang="nix">
@@ Line 8: / Line 8: @@
        buildLinux (args // rec {
-         version = "6.12.79-hardened1";
+         version = "6.18.33-hardened1";
-        hash = "sha256-TKrLHk4aB47vqehEdp5ks4WtMCq/XCDr9ro3eQOoPvE=";
+          hash = "sha256-SlsOQjREc73E+90FiR+zrNELtUY9yZAT34vBr4Dt7h4=";
-         extraMeta.branch = "6.12";
+         extraMeta.branch = "6.18";
          modDirVersion = version;
@@ Line 53: / Line 53: @@
            # Enable gcc plugin options
            GCC_PLUGINS = yes;
-          #A port of the PaX stackleak plugin
-          GCC_PLUGIN_STACKLEAK = yes;
            # Runtime undefined behaviour checks