From 24446ce299943efe3dfded6c9dd0cf9421d8da04 Mon Sep 17 00:00:00 2001 From: Tobias Geerinckx-Rice Date: Wed, 17 Jul 2019 09:09:15 +0200 Subject: gnu: linux-libre: Restrict ‘dmesg’ to privileged users. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * gnu/packages/linux.scm (%default-extra-linux-options): Set CONFIG_SECURITY_DMESG_RESTRICT. --- gnu/packages/linux.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 52883282e8..4689c61a58 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -561,7 +561,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." (search-auxiliary-file file))) (define %default-extra-linux-options - `(;; Modules required for initrd: + `(;; Some very mild hardening. + ("CONFIG_SECURITY_DMESG_RESTRICT" . #t) + ;; Modules required for initrd: ("CONFIG_NET_9P" . m) ("CONFIG_NET_9P_VIRTIO" . m) ("CONFIG_VIRTIO_BLK" . m) -- cgit 1.4.1