5440c1a64c
Notably, this pulls in the dirtycow fix from upstream (but I've been unable to execute the POC exploits on grsec kernels without that fix ...)
19 lines
560 B
Nix
19 lines
560 B
Nix
{ stdenv, fetchurl, perl, buildLinux, ... } @ args:
|
|
|
|
import ./generic.nix (args // rec {
|
|
version = "4.7.10";
|
|
extraMeta.branch = "4.7";
|
|
|
|
src = fetchurl {
|
|
url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
|
|
sha256 = "1p2r5d0jcrak9gxp0339g9z198x9laf09h08ck4jllhhaajrnicj";
|
|
};
|
|
|
|
kernelPatches = args.kernelPatches;
|
|
|
|
features.iwlwifi = true;
|
|
features.efiBootStub = true;
|
|
features.needsCifsUtils = true;
|
|
features.canDisableNetfilterConntrackHelpers = true;
|
|
features.netfilterRPFilter = true;
|
|
} // (args.argsOverride or {}))
|