diff --git a/nixos/modules/security/grsecurity.nix b/nixos/modules/security/grsecurity.nix
index 35974f6890e6..f305d8f523b5 100644
--- a/nixos/modules/security/grsecurity.nix
+++ b/nixos/modules/security/grsecurity.nix
@@ -112,9 +112,6 @@ in
kernel.grsecurity.grsec_lock to
non-zero as soon as all sysctl options are set. *THIS IS
EXTREMELY IMPORTANT*!
-
- If disabled, this also turns off the
- systemd-sysctl service.
'';
};
@@ -229,11 +226,8 @@ in
kernel 3.19) to continue.
'';
}
- { assertion = (cfg.stable -> !cfg.testing) || (cfg.testing -> !cfg.stable);
- message = ''
- You must select either the stable or testing patch, not
- both.
- '';
+ { assertion = !(cfg.stable && cfg.testing);
+ message = "Select either one of the stable or testing patch";
}
{ assertion = (cfg.config.restrictProc -> !cfg.config.restrictProcWithGroup) ||
(cfg.config.restrictProcWithGroup -> !cfg.config.restrictProc);