Message ID | 20190717072608.17678-1-me@tobias.gr |
---|---|
State | Accepted |
Headers | show |
Series | [bug#36701] gnu: linux-libre: Restrict ‘dmesg’ to privileged users. | expand |
Tobias Geerinckx-Rice <me@tobias.gr> skribis: > * gnu/packages/linux.scm (%default-extra-linux-options): > Set CONFIG_SECURITY_DMESG_RESTRICT. Go for it! Ludo’.
Ludo', Ludovic Courtès 写道: > Tobias Geerinckx-Rice <me@tobias.gr> skribis: > >> * gnu/packages/linux.scm (%default-extra-linux-options): >> Set CONFIG_SECURITY_DMESG_RESTRICT. > > Go for it! Pushed as 24446ce299943efe3dfded6c9dd0cf9421d8da04. Thanks! T G-R
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 30192f195d..73c7083e7c 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." (search-auxiliary-file file))) (define %default-extra-linux-options - `(;; Modules required for initrd: + `(;; Some very mild hardening. + ("CONFIG_SECURITY_DMESG_RESTRICT" . #t) + ;; Modules required for initrd: ("CONFIG_NET_9P" . m) ("CONFIG_NET_9P_VIRTIO" . m) ("CONFIG_VIRTIO_BLK" . m)