From fea7b7502518d56c814ad5d72653b756781adee3 Mon Sep 17 00:00:00 2001 From: Artemis Tosini Date: Thu, 27 Jan 2022 16:46:11 +0000 Subject: [PATCH] Upate and add execveat_common kernel patch --- flake.lock | 18 +++++++++--------- sets/kernelpatch.nix | 12 ++++++++++++ system/starlight/default.nix | 1 + 3 files changed, 22 insertions(+), 9 deletions(-) create mode 100644 sets/kernelpatch.nix diff --git a/flake.lock b/flake.lock index cf7db2d..1699e58 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1639871969, - "narHash": "sha256-6feWUnMygRzA9tzkrfAzpA5/NBYg75bkFxnqb1DtD7E=", + "lastModified": 1642653493, + "narHash": "sha256-22mGPjiHUo2Jmze4IjXCJLjeK2mbvvCztHmUyUMr4yw=", "owner": "nix-community", "repo": "home-manager", - "rev": "697cc8c68ed6a606296efbbe9614c32537078756", + "rev": "28b9ae40c45c5e7711c353fee1b7af734e293979", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1642190797, - "narHash": "sha256-cxeEEAtfIACnm8sV1oz0xlNp9IVk10Fxcc09ggoEZuo=", + "lastModified": 1643247693, + "narHash": "sha256-rmShxIuNjYBz4l83J0J++sug+MURUY1koPCzX4F8hfo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "3ddd960a3b575bf3230d0e59f42614b71f9e0db9", + "rev": "6c4b9f1a2fd761e2d384ef86cff0d208ca27fdca", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1642373004, - "narHash": "sha256-AZ1fTklT9OkLFtmZ8qMbQ2Uf1dF0+np3WjnTIIquApA=", + "lastModified": 1643262078, + "narHash": "sha256-1aVvEq0GDONmBDntHck168jonD9saMRshVgT47EwfqE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b13052a35a63e1ea9eba916ffe48886ab7af58ce", + "rev": "d01b2cc71bf6e220e164bf57d757624b01429ba0", "type": "github" }, "original": { diff --git a/sets/kernelpatch.nix b/sets/kernelpatch.nix new file mode 100644 index 0000000..88e0d63 --- /dev/null +++ b/sets/kernelpatch.nix @@ -0,0 +1,12 @@ +{ pkgs, ... }: + +{ + boot.kernelPatches = [{ + name = "fix-execve"; + patch = pkgs.fetchpatch + { + url = "https://git.alpinelinux.org/aports/plain/main/linux-lts/0001-fs-exec-require-argv-0-presence-in-do_execveat_commo.patch?id=520e6dfd6e814414ab7cf862b897ca6ba427d30f"; + sha256 = "sha256-vrN64lGDiAFgMn5SGWiI9MwNRct4m9DJDxokFZ6EpiE="; + }; + }]; +} diff --git a/system/starlight/default.nix b/system/starlight/default.nix index d1c3a54..6a2c60e 100644 --- a/system/starlight/default.nix +++ b/system/starlight/default.nix @@ -17,6 +17,7 @@ ../../sets/virtualization.nix ../../sets/workstation.nix ../../sets/1password.nix + ../../sets/kernelpatch.nix ]; # Network