[bug#36701] [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged use

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#36701] [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged use

From:	Tobias Geerinckx-Rice
Subject:	[bug#36701] [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
Date:	Wed, 17 Jul 2019 09:26:08 +0200

* gnu/packages/linux.scm (%default-extra-linux-options):
Set CONFIG_SECURITY_DMESG_RESTRICT.
---

Re: https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00258.html

Patchy patch.

 gnu/packages/linux.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 30192f195d..73c7083e7c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such 
configuration."
     (search-auxiliary-file file)))
 
 (define %default-extra-linux-options
-  `(;; Modules required for initrd:
+  `(;; Some very mild hardening.
+    ("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
+    ;; Modules required for initrd:
     ("CONFIG_NET_9P" . m)
     ("CONFIG_NET_9P_VIRTIO" . m)
     ("CONFIG_VIRTIO_BLK" . m)
-- 
2.22.0

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#36701] [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users., Tobias Geerinckx-Rice <=
- [bug#36701] [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users., Ludovic Courtès, 2019/07/26
  - bug#36701: [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users., Tobias Geerinckx-Rice, 2019/07/26

Prev by Date: [bug#36555] [PATCH v3 3/3] tests: Add reconfigure system test.
Next by Date: bug#36669: [PATCH] gnu: Add gnaural.
Previous by thread: [bug#36699] [PATCH 0/4] Strengthen '.guix-channel' file handling
Next by thread: [bug#36701] [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
Index(es):
- Date
- Thread