On Mon, Dec 7, 2015, at 12:14 PM, zimbatm wrote:
> [...]
> (3) is already supported by adding `security.grsecurity.enable` to your
> configuration.nix file.

To be frank, grsecurity support in NixOS is user-unfriendly. My biggest gripe is that the implementation is biased towards compile-time tuning of run-time behavior. I proposed a few patches towards a sysctl-oriented implementation, but they failed to gain traction (granted, the patches are imperfect and incomplete). What is more, the lack of a satisfying method of applying appropriate PaX flags to binaries, à la paxd, greatly impedes use of Grsecurity/PaX on the desktop. Finally, I failed to get RBAC to actually work, in its current form.

I have found it easier to simply switch to a distro with proper Grsecurity/PaX support. If I continue to tinker with NixOS, it will be in a virtual machine.

Just my 2 NOK ...

_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
