From 4ae5eb97f12218525ebb3657b311ac52e21c8418 Mon Sep 17 00:00:00 2001 From: Joachim Fasting Date: Tue, 17 May 2016 05:20:48 +0200 Subject: [PATCH] kernel: set virtualization options regardless of grsec Per my own testing, the NixOS grsecurity kernel works both as a KVM-based virtualisation host and guest; there appears to be no good reason to making these conditional on `features.grsecurity`. More generally, it's unclear what `features.grsecurity` *means*. If someone configures a grsecurity kernel in such a fashion that it breaks KVM support, they should know to disable KVM themselves. --- pkgs/os-specific/linux/kernel/common-config.nix | 16 ++++++---------- 1 file changed, 6 insertions(+), 10 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/common-config.nix b/pkgs/os-specific/linux/kernel/common-config.nix index bd0bd1424865..624d380fe568 100644 --- a/pkgs/os-specific/linux/kernel/common-config.nix +++ b/pkgs/os-specific/linux/kernel/common-config.nix @@ -420,13 +420,11 @@ with stdenv.lib; # Virtualisation. PARAVIRT? y - ${optionalString (!(features.grsecurity or false)) - (if versionAtLeast version "3.10" then '' - HYPERVISOR_GUEST y - '' else '' - PARAVIRT_GUEST? y - '') - } + ${if versionAtLeast version "3.10" then '' + HYPERVISOR_GUEST y + '' else '' + PARAVIRT_GUEST? y + ''} KVM_APIC_ARCHITECTURE y KVM_ASYNC_PF y ${optionalString (versionOlder version "3.7") '' @@ -441,9 +439,7 @@ with stdenv.lib; ${optionalString (versionAtLeast version "4.0") '' KVM_GENERIC_DIRTYLOG_READ_PROTECT y ''} - ${optionalString (!features.grsecurity or true) '' - KVM_GUEST y - ''} + KVM_GUEST y KVM_MMIO y ${optionalString (versionAtLeast version "3.13") '' KVM_VFIO y