Commit graph

89 commits

Author SHA1 Message Date
Austin Seipp
92abc4c610 kernel: enable AppArmor by default
AppArmor only requires a few patches to the 3.2 and 3.4 kernels in order
to work properly (with the minor catch grsecurity -stable includes the
3.2 patches.) This adds them to the kernel builds by default, removes
features.apparmor (since it's always true) and makes it the default MAC
system.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Austin Seipp
3efdeef6a3 linux-3.{4,10}: update
Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-05-17 14:09:09 -05:00
Vladimír Čunát
9c8ee7a7e5 linux: minor updates, probably often fixing CVE-2014-0196 2014-05-13 20:00:21 +02:00
Austin Seipp
92f7781f00 kernel/grsecurity: stable/longterm/testing updates
kernels:

  - longterm: 3.4.87  -> 3.4.88
  - longterm: 3.10.37 -> 3.10.38
  - stable:   3.13.10 -> 3.13.11
  - stable:   3.14.1  -> 3.14.2

grsecurity:

  - test: 3.0-3.14.1-201404241722 -> 3.0-3.14.2-201404270907

NOTE: technically the 3.13 stable kernel is now EOL. However, it will
become the long-term grsecurity stable kernel, and will have ongoing
support from Canonical.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-27 08:41:42 -05:00
Austin Seipp
ba2f861f05 kernel: stable/longterm updates
 - stable:   3.14    -> 3.14.1
 - longterm: 3.10.36 -> 3.10.37
 - longterm: 3.4.86  -> 3.4.86

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-14 19:46:39 -05:00
Austin Seipp
05ec851050 kernel: longterm updates
 - longterm: 3.4.85  -> 3.4.86
 - longterm: 3.10.35 -> 3.10.36
 - longterm: 3.12.15 -> 3.12.17

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-07 13:56:50 -05:00
Austin Seipp
19bc051ca1 kernel: stable/longterm updates
 - longterm: 3.4.83  -> 3.4.85
 - longterm: 3.10.33 -> 3.10.35
 - longterm: 3.12.14 -> 3.12.15
 - stable:   3.13.7  -> 3.13.8

NOTE: This will break the testing grsec kernel at the moment (there's
not a 3.13.8 patch yet), but it's destined to be upgraded to 3.14 soon
anyway.

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-04-01 11:11:10 +02:00
Eelco Dolstra
c0f3f6e396 linux: Update to 3.4.83 2014-03-17 11:25:48 +01:00
Austin Seipp
a1dc5ea707 kernel: stable updates
 - 3.13 stable:   3.13.3  -> 3.13.4
 - 3.12 stable:   3.12.11 -> 3.12.12
 - 3.10 longterm: 3.10.30 -> 3.10.31
 - 3.4  longterm: 3.4.80  -> 3.4.81

Signed-off-by: Austin Seipp <aseipp@pobox.com>
2014-02-20 20:21:11 -06:00
Evgeny Egorochkin
ad4e2bd499 linux_3_4: update from 3.4.79 to 3.4.80 2014-02-14 16:55:44 +02:00
Evgeny Egorochkin
69f4bdac6e linux: add git repository and branch meta 2014-02-14 10:45:36 +02:00
Vladimír Čunát
24029ec478 linux: minor updates 3.12.10, 3.10.29, 3.4.79 2014-02-08 11:54:16 +01:00
Eelco Dolstra
b913a2eb81 linux: Update to 3.4.78 2014-01-31 18:00:13 +01:00
Vladimír Čunát
a9caafa0ea linux kernel updates to 3.4.77, 3.10.28 and 3.12.9
I tested they still build on x86_64.
2014-01-26 17:07:31 +01:00
Eelco Dolstra
03ad7a081c linux: Update to 3.4.76 2014-01-15 10:55:53 +01:00
Eelco Dolstra
c3db56527d linux: Update to 3.4.75 2014-01-07 11:08:16 +01:00
Eelco Dolstra
82f39bd19e linux: Fix hash 2013-12-17 13:27:03 +01:00
Eelco Dolstra
acac786868 linux: Update to 3.4.74 2013-12-16 14:46:21 +01:00
Eelco Dolstra
f74ca42ba6 linux: Update to 3.4.73 2013-12-11 14:28:37 +01:00
Eelco Dolstra
3b94410d86 linux: Update to 3.4.71 2013-12-01 18:20:39 -05:00
Eelco Dolstra
139c5b5069 linux: Update to 3.4.70 2013-11-26 11:46:41 +01:00
Eelco Dolstra
af7162b7a3 linux: Update to 3.4.69 2013-11-13 17:33:58 +01:00
Eelco Dolstra
07ccfe6af8 linux: Update to 3.4.68 2013-11-06 10:29:27 +01:00
Eelco Dolstra
8c65a2a181 linux: Update to 3.4.67 2013-10-24 14:52:09 +02:00
Eelco Dolstra
fc593e719d linux: Update to 3.4.66
CVE-2013-2015
2013-10-14 12:52:22 +02:00
Mathijs Kwik
c242863da8 linux-3.4: upgrade to 3.4.65 2013-10-06 20:17:01 +02:00
Eelco Dolstra
02c11554d7 linux: Update to 3.4.63 2013-09-30 11:29:27 +02:00
Eelco Dolstra
2d14789920 linux: Update to 3.4.62 2013-09-16 17:51:18 +02:00
Eelco Dolstra
89fa23c43d linux: Update to 3.4.61 2013-09-12 10:38:38 +02:00
Eelco Dolstra
207aa56201 linux: Update to 3.4.60 2013-09-05 11:11:02 +02:00
Eelco Dolstra
a1c74c5603 linux: Update to 3.4.59 2013-08-26 22:55:54 +02:00
Eelco Dolstra
5cb688eb52 linux: Update to 3.4.58 2013-08-16 12:05:42 +02:00
Eelco Dolstra
912146d764 linux: Update to 3.4.56, 3.10.5 2013-08-06 12:40:48 +02:00
Eelco Dolstra
7ce325f3e0 Unify the Linux kernel configurations
Having N different copies of the NixOS kernel configuration is bad
because these copies tend to diverge.  For instance, our 3.10 config
lacked some modules that were enabled in older configs, probably
because the 3.10 config had been copied off an earlier version of some
older kernel config.

So now there is a single kernel config in common-config.nix.  It has a
few conditionals to deal with new/removed kernel options, but
otherwise it's pretty straightforward.

Also, a lot of cut&paste boilerplate between the kernel Nix
expressions is gone (such as preConfigure).
2013-08-01 01:40:40 +02:00
Eelco Dolstra
3c462ded97 linux: Update to 3.2.49, 3.4.55 2013-07-30 16:52:12 +02:00
Eelco Dolstra
1386036457 linux: Update to 3.4.54 2013-07-23 22:35:49 +02:00
Eelco Dolstra
66b2ff1074 linux: Update to 3.4.53 2013-07-15 14:33:27 +02:00
Eelco Dolstra
ebe81d17d7 linux: Update to 3.2.48, 3.4.51 2013-07-02 14:40:08 +02:00
Rickard Nilsson
4800a33b88 Linux 3.4: Doesn't support CONFIG_RC_DEVICES option 2013-06-27 12:13:27 +02:00
Rickard Nilsson
b7ccfc258a Linux 3.2-3.9: Add CONFIG_RC_DEVICES=y, to enable IR devices that can be used by lirc/devinput 2013-06-25 20:13:11 +02:00
Mathijs Kwik
d7911372a8 linux-3.4: upgrade to 3.4.47 2013-06-04 07:50:59 +02:00
Eelco Dolstra
a1a725d20d linux: Set AUDIT_LOGINUID_IMMUTABLE
This prevents faking the loginuid even by root.
2013-05-13 11:53:00 +02:00
David Guibert
0e98cd4a65 update linux versions 2013-05-12 20:28:45 +02:00
Mathijs Kwik
1264fafe98 linux-3.4: upgrade to 3.4.44 2013-05-08 22:33:05 +02:00
David Guibert
008bb6935c update kernels 3.0, 3.2, 3.4, 3.8 and 3.9-rc 2013-04-26 09:12:35 +02:00
Mathijs Kwik
384de84023 linux-3.4: upgrade to 3.4.41 2013-04-19 14:53:00 +02:00
Mathijs Kwik
e20d9d0a97 linux-3.4: upgrade to 3.4.40 2013-04-14 00:35:39 +02:00
Mathijs Kwik
4eff34e602 linux-3.4: upgrade to 3.4.39 2013-04-06 20:45:29 +02:00
Mathijs Kwik
d0c6308da7 linux-3.4: upgrade to 3.4.38 2013-04-04 22:18:07 +02:00
Eelco Dolstra
f0d45e2e25 Linux kernel: Enable CONFIG_FHANDLE
This enables the open_by_handle_at(2) and name_to_handle_at(2)
syscalls.  Systemd kind of requires this.
2013-03-27 23:00:02 +01:00