Unverified Commit 8db1ad78 authored by Nick Cao's avatar Nick Cao
Browse files

linux: enable PERSISTENT_KEYRINGS and KEYS_REQUEST_CACHE 

PERSISTENT_KEYRINGS provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis.
KEYS_REQUEST_CACHE enable temporary caching of the last request_key() result.
parent 22c17bd5

pkgs/os-specific/linux/kernel/common-config.nix

+5 −0
Original line number Diff line number Diff line
@@ -504,6 +504,11 @@ let 
      # Depends on MODULE_SIG and only really helps when you sign your modules

      # and enforce signatures which we don't do by default.

      SECURITY_LOCKDOWN_LSM = option no;



      # provides a register of persistent per-UID keyrings, useful for encrypting storage pools in stratis

      PERSISTENT_KEYRINGS              = yes;

      # enable temporary caching of the last request_key() result

      KEYS_REQUEST_CACHE               = whenAtLeast "5.3" yes;

    } // optionalAttrs (!stdenv.hostPlatform.isAarch32) {



      # Detect buffer overflows on the stack