author | Franz Pletz <fpletz@fnordicwalking.de> | 2017-01-20 17:46:44 +0100 |
---|---|---|
committer | Franz Pletz <fpletz@fnordicwalking.de> | 2017-01-20 17:46:44 +0100 |
commit | 00ab8e84c672fbf4b9a97ddc3ff94863ac7f14b8 (patch) | |
tree | 86bb8e116a354e0e9979042d8272186bc8ec360e /doc | |
parent | 305e3e27b6a5346d24fd8cdbf71667245707bbb0 (diff) |
doc: improve hardening docs
Fixes #18887.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/stdenv.xml | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/doc/stdenv.xml b/doc/stdenv.xml index 68441ea9393a..44a0e4601fc1 100644 --- a/doc/stdenv.xml +++ b/doc/stdenv.xml @@ -1401,8 +1401,15 @@ These can be toggled using the <varname>stdenv.mkDerivation</varname> parameters <varname>hardeningDisable</varname> and <varname>hardeningEnable</varname>. </para> -<para>The following flags are enabled by default and might require disabling -if the program to package is incompatible. +<para> +Both parameters take a list of flags as strings. The special +<varname>"all"</varname> flag can be passed to <varname>hardeningDisable</varname> +to turn off all hardening. These flags can also be used as environment variables +for testing or development purposes. +</para> + +<para>The following flags are enabled by default and might require disabling with +<varname>hardeningDisable</varname> if the program to package is incompatible. </para> <variablelist> @@ -1563,7 +1570,8 @@ intel_drv.so: undefined symbol: vgaHWFreeHWRec </variablelist> <para>The following flags are disabled by default and should be enabled -for packages that take untrusted input, like network services. +with <varname>hardeningEnable</varname> for packages that take untrusted +input like network services. </para> <variablelist> |
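Review bot: In the first hunk (@@ -1401,8 +1401,15 @@), the last sentence of the added paragraph, "These flags can also be used as environment variables for testing or development purposes.", has an unclear antecedent. "These flags" reads as the flag strings such as "all", while the intent appears to be that <varname>hardeningDisable</varname> and <varname>hardeningEnable</varname> themselves can be set in the environment. Please name the variables explicitly and state the value format they expect (a list cannot be passed as-is in an environment variable), so a reader can actually use this. Since the same paragraph introduces "all" as a way to turn off every hardening flag, it would also help to say that disabling only the specific incompatible flag is preferred. Minor: "all" is a string value, so <literal> fits better than <varname>.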
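Review bot: In the second hunk (@@ -1563,7 +1570,8 @@), the rewrapped sentence loses the comma before "like network services", so "packages that take untrusted input like network services" now reads as if network services were the untrusted input rather than an example of such packages. Restore the comma, or write "for packages that take untrusted input, such as network services", so the guidance on which packages should set <varname>hardeningEnable</varname> stays unambiguous.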