From f7384b8c75a17689aca3a53617b937e1bf67b417 Mon Sep 17 00:00:00 2001
From: aszlig
Date: Thu, 18 Dec 2014 18:12:25 +0100
Subject: [PATCH] nixos/virtualbox: Revert disable hardening.
This reverts commit 5d67b17901ff2c9a18647bd9453c6b0d4294b875. The issues have been resolved by ac603e208c98b260db675fa0c13be94fa95216f4. Tested this with hostonlyifs and USB support with extension pack.
Conflicts: nixos/modules/programs/virtualbox-host.nix
Signed-off-by: aszlig
Tested-by: Mateusz Kowalczyk
---
 nixos/modules/programs/virtualbox-host.nix | 9 +--------
 1 file changed, 1 insertion(+), 8 deletions(-)
diff --git a/nixos/modules/programs/virtualbox-host.nix b/nixos/modules/programs/virtualbox-host.nix
index 504ef36d44be..fc113a08a356 100644
--- a/nixos/modules/programs/virtualbox-host.nix
+++ b/nixos/modules/programs/virtualbox-host.nix
@@ -35,7 +35,7 @@ in
 enableHardening = mkOption {
 type = types.bool;
- default = false;
+ default = true;
 description = ''
 Enable hardened VirtualBox, which ensures that only the binaries in the system path get access to the devices exposed by the kernel modules
@@ -54,13 +54,6 @@ in
 boot.extraModulePackages = [ virtualbox ];
 environment.systemPackages = [ virtualbox ];
- warnings = mkIf (!cfg.enableHardening) (singleton (
- "Hardening is currently disabled for VirtualBox, because of some " +
- "issues in conjunction with host-only-interfaces. If you don't use " +
- "hostonlyifs, it's strongly recommended to set " +
- "`services.virtualboxHost.enableHardening = true'!"
- ));
-
 security.setuidOwners = let
 mkSuid = program: {
 inherit program;
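Review bot: Removing the `warnings` entry in the second hunk leaves no evaluation-time signal when a configuration sets `enableHardening = false` explicitly, which going by the option description presumably drops the guarantee that only binaries in the system path reach the devices exposed by the kernel modules. With the default now `true` (first hunk) the warning would fire only for deliberate opt-outs, so it could stay with the host-only-interface wording replaced, e.g. `warnings = mkIf (!cfg.enableHardening) (singleton "VirtualBox hardening is disabled; access to the devices exposed by the kernel modules is no longer limited to binaries in the system path.");`. The option description and the `security.setuidOwners` definition both continue outside the hunks, so whether the description already spells out the consequence of opting out, and whether the setuid wrappers are conditional on this option, is not visible here.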