BoomMicrophone/nixpkgs-suyu
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

nixos/virtualbox: Revert disable hardening.

Browse source 
This reverts commit 5d67b17901.

The issues have been resolved by ac603e208c.

Tested this with hostonlyifs and USB support with extension pack.

Conflicts:
	nixos/modules/programs/virtualbox-host.nix

Signed-off-by: aszlig <aszlig@redmoonstudios.org>
Tested-by: Mateusz Kowalczyk <fuuzetsu@fuuzetsu.co.uk>
This commit is contained in:
aszlig 2014-12-18 18:12:25 +01:00
parent 06e6d7def2
commit f7384b8c75
No known key found for this signature in database
GPG key ID: D0EBD0EC8C2DC961
1 changed files with 1 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
nixos/modules/programs/virtualbox-host.nix
View file

@ -35,7 +35,7 @@ in
enableHardening = mkOption { enableHardening = mkOption {
type = types.bool; type = types.bool;
default = false; default = true;
description = '' description = ''
Enable hardened VirtualBox, which ensures that only the binaries in the Enable hardened VirtualBox, which ensures that only the binaries in the
system path get access to the devices exposed by the kernel modules system path get access to the devices exposed by the kernel modules
@ -54,13 +54,6 @@ in
boot.extraModulePackages = [ virtualbox ]; boot.extraModulePackages = [ virtualbox ];
environment.systemPackages = [ virtualbox ]; environment.systemPackages = [ virtualbox ];
warnings = mkIf (!cfg.enableHardening) (singleton (
"Hardening is currently disabled for VirtualBox, because of some " +
"issues in conjunction with host-only-interfaces. If you don't use " +
"hostonlyifs, it's strongly recommended to set " +
"`services.virtualboxHost.enableHardening = true'!"
));
security.setuidOwners = let security.setuidOwners = let
mkSuid = program: { mkSuid = program: {
inherit program; inherit program;