Let hardened NixOS run 32-bit executables

nixpkgs.patch

From 0554a382fc0e0a31a12dabe2e09c4fae3388d0e9 Mon Sep 17 00:00:00 2001
From: Ivan Kozik <ivan@ludios.org>
Date: Thu, 20 Dec 2018 00:34:04 +0000
Subject: [PATCH] hardened kernel: keep support for 32-bit executables

NixOS relies on them: https://github.com/NixOS/nixpkgs/issues/51097

We also use 32-bit foobar2000 and some 32-bit games.
---
 pkgs/os-specific/linux/kernel/hardened-config.nix | 1 -
 pkgs/top-level/all-packages.nix                   | 2 +-
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/hardened-config.nix b/pkgs/os-specific/linux/kernel/hardened-config.nix
index 156a4cf4423..04112c1f5a7 100644
--- a/pkgs/os-specific/linux/kernel/hardened-config.nix
+++ b/pkgs/os-specific/linux/kernel/hardened-config.nix
@@ -19,7 +19,6 @@ optionalAttrs (stdenv.hostPlatform.platform.kernelArch == "x86_64") {
   DEFAULT_MMAP_MIN_ADDR = freeform "65536";  # Prevent allocation of first 64K of memory
 
   # Reduce attack surface by disabling various emulations
-  IA32_EMULATION     = no;
   X86_X32            = no;
   # Note: this config depends on EXPERT y and so will not take effect, hence
   # it is left "optional" for now.
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 374497dc057..1e7538cac3e 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -15993,7 +15993,7 @@ in
 
   # Hardened linux
   hardenedLinuxPackagesFor = kernel: linuxPackagesFor (kernel.override {
-    features.ia32Emulation = false;
+    features.ia32Emulation = true;
     structuredExtraConfig = import ../os-specific/linux/kernel/hardened-config.nix {
       inherit stdenv;
       inherit (kernel) version;
-- 
2.22.0