kernel: set virtualization options regardless of grsec
Per my own testing, the NixOS grsecurity kernel works both as a KVM-based virtualisation host and guest; there appears to be no good reason to making these conditional on `features.grsecurity`. More generally, it's unclear what `features.grsecurity` *means*. If someone configures a grsecurity kernel in such a fashion that it breaks KVM support, they should know to disable KVM themselves.
This commit is contained in:
parent
d8e4432fe2
commit
4ae5eb97f1
1 changed files with 6 additions and 10 deletions
|
@ -420,13 +420,11 @@ with stdenv.lib;
|
|||
|
||||
# Virtualisation.
|
||||
PARAVIRT? y
|
||||
${optionalString (!(features.grsecurity or false))
|
||||
(if versionAtLeast version "3.10" then ''
|
||||
HYPERVISOR_GUEST y
|
||||
'' else ''
|
||||
PARAVIRT_GUEST? y
|
||||
'')
|
||||
}
|
||||
${if versionAtLeast version "3.10" then ''
|
||||
HYPERVISOR_GUEST y
|
||||
'' else ''
|
||||
PARAVIRT_GUEST? y
|
||||
''}
|
||||
KVM_APIC_ARCHITECTURE y
|
||||
KVM_ASYNC_PF y
|
||||
${optionalString (versionOlder version "3.7") ''
|
||||
|
@ -441,9 +439,7 @@ with stdenv.lib;
|
|||
${optionalString (versionAtLeast version "4.0") ''
|
||||
KVM_GENERIC_DIRTYLOG_READ_PROTECT y
|
||||
''}
|
||||
${optionalString (!features.grsecurity or true) ''
|
||||
KVM_GUEST y
|
||||
''}
|
||||
KVM_GUEST y
|
||||
KVM_MMIO y
|
||||
${optionalString (versionAtLeast version "3.13") ''
|
||||
KVM_VFIO y
|
||||
|
|
Loading…
Reference in a new issue