summary refs log tree commit diff
diff options
context:
space:
mode:
authorTobias Geerinckx-Rice <me@tobias.gr>2019-07-17 09:09:15 +0200
committerTobias Geerinckx-Rice <me@tobias.gr>2019-07-27 01:18:24 +0200
commit24446ce299943efe3dfded6c9dd0cf9421d8da04 (patch)
treeff19a975251daf7ad45fec61016258bd606cf9f8
parent4b0356590a57bc27a61956b981f4a90efcf9c92d (diff)
downloadguix-24446ce299943efe3dfded6c9dd0cf9421d8da04.tar.gz
gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
* gnu/packages/linux.scm (%default-extra-linux-options):
Set CONFIG_SECURITY_DMESG_RESTRICT.
-rw-r--r--gnu/packages/linux.scm4
1 files changed, 3 insertions, 1 deletions
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 52883282e8..4689c61a58 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -561,7 +561,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
     (search-auxiliary-file file)))
 
 (define %default-extra-linux-options
-  `(;; Modules required for initrd:
+  `(;; Some very mild hardening.
+    ("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
+    ;; Modules required for initrd:
     ("CONFIG_NET_9P" . m)
     ("CONFIG_NET_9P_VIRTIO" . m)
     ("CONFIG_VIRTIO_BLK" . m)