From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tobias Geerinckx-Rice Subject: [PATCH] =?UTF-8?q?gnu:=20linux-libre:=20Restrict=20=E2=80=98dmesg?= =?UTF-8?q?=E2=80=99=20to=20privileged=20users.?= Date: Wed, 17 Jul 2019 09:26:08 +0200 Message-ID: <20190717072608.17678-1-me@tobias.gr> References: <87r26p9m6h.fsf@nckx> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Return-path: Received: from eggs.gnu.org ([2001:470:142:3::10]:55840) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hneKa-0003vY-3D for guix-devel@gnu.org; Wed, 17 Jul 2019 03:26:29 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hneKY-0007me-Kf for guix-devel@gnu.org; Wed, 17 Jul 2019 03:26:28 -0400 In-Reply-To: <87r26p9m6h.fsf@nckx> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org, guix-patches@gnu.org * gnu/packages/linux.scm (%default-extra-linux-options): Set CONFIG_SECURITY_DMESG_RESTRICT. --- Re: https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00258.html Patchy patch. gnu/packages/linux.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 30192f195d..73c7083e7c 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." (search-auxiliary-file file))) (define %default-extra-linux-options - `(;; Modules required for initrd: + `(;; Some very mild hardening. + ("CONFIG_SECURITY_DMESG_RESTRICT" . #t) + ;; Modules required for initrd: ("CONFIG_NET_9P" . m) ("CONFIG_NET_9P_VIRTIO" . m) ("CONFIG_VIRTIO_BLK" . m) -- 2.22.0