kernel: set virtualization options regardless of grsec

Per my own testing, the NixOS grsecurity kernel works both as a
KVM-based virtualisation host and guest; there appears to be no good
reason to making these conditional on `features.grsecurity`.

More generally, it's unclear what `features.grsecurity` *means*. If
someone configures a grsecurity kernel in such a fashion that it breaks
KVM support, they should know to disable KVM themselves.
This commit is contained in:
Joachim Fasting 2016-05-17 05:20:48 +02:00
parent d8e4432fe2
commit 4ae5eb97f1
No known key found for this signature in database
GPG key ID: 4330820E1E04DCF4

View file

@ -420,13 +420,11 @@ with stdenv.lib;
# Virtualisation.
PARAVIRT? y
${optionalString (!(features.grsecurity or false))
(if versionAtLeast version "3.10" then ''
HYPERVISOR_GUEST y
'' else ''
PARAVIRT_GUEST? y
'')
}
${if versionAtLeast version "3.10" then ''
HYPERVISOR_GUEST y
'' else ''
PARAVIRT_GUEST? y
''}
KVM_APIC_ARCHITECTURE y
KVM_ASYNC_PF y
${optionalString (versionOlder version "3.7") ''
@ -441,9 +439,7 @@ with stdenv.lib;
${optionalString (versionAtLeast version "4.0") ''
KVM_GENERIC_DIRTYLOG_READ_PROTECT y
''}
${optionalString (!features.grsecurity or true) ''
KVM_GUEST y
''}
KVM_GUEST y
KVM_MMIO y
${optionalString (versionAtLeast version "3.13") ''
KVM_VFIO y