Hello,

Ricardo Wurmus writes:

> Ludovic Courtès writes:
>
>> Hi,
>>
>> Alex Vong writes:
>>
>>> I think we should set /proc/sys/kernel/dmesg_restrict to 1 by default to
>>> prevent unprivileged users from reading the kernel ring buffer (since it
>>> could expose sensitive information about the system).
>>
>> We could have a ‘dmesg-restrict’ service that would write to that file
>> as part of system activation, and we’d add it to ‘%base-packages’.
>> WDYT?
>
> This sounds good!

I just found out there are at least 2 other ways to set kernel
parameters. One is to append the line "kernel.dmesg_restrict=1" to the
file "/etc/sysctl.conf". The other way is to run the command "sudo
sysctl -w kernel.dmesg_restrict=1".

It appears to me that writing to "/etc/sysctl.conf" is better (since it
is declarative). WDYT? What is our current way of setting kernel
parameters?
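
An added example, not part of the thread: a shell check that compares the running value in /proc/sys/kernel/dmesg_restrict with what a sysctl.conf-style file persists, since `sysctl -w` changes only the running kernel while a line in the file applies only once it is loaded. The function names, status strings and sample file are constructed here, and only /etc/sysctl.conf is examined.

```shell
#!/bin/sh
# Print the last value a sysctl.conf-style file assigns to KEY (empty if none).
# Handles '#'/';' comments, spaces around '=', a leading '-', '/' separators.
persisted_value() {  # usage: persisted_value FILE KEY
    [ -r "$1" ] || return 0
    awk -v want="$2" '
        /^[ \t]*([#;]|$)/ { next }           # comment or blank line
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            sub(/^-/, "", k)                 # "-key = value": ignore-errors prefix
            gsub(/\//, ".", k)               # kernel/dmesg_restrict == kernel.dmesg_restrict
            if (k == want) last = v          # later assignments override earlier ones
        }
        END { if (last != "") print last }
    ' "$1"
}

# Classify the setting: running value (PROC_FILE) against the persisted one.
audit_dmesg_restrict() {  # usage: audit_dmesg_restrict PROC_FILE CONF_FILE
    runtime=$(cat "$1" 2>/dev/null || true)
    saved=$(persisted_value "$2" kernel.dmesg_restrict)
    case "${runtime:-?}:${saved:-unset}" in
        1:1) echo "restricted" ;;             # on now and after reboot
        1:*) echo "runtime-only" ;;           # e.g. set with sysctl -w, lost on reboot
        *:1) echo "persisted-not-applied" ;;  # in the file but not loaded yet
        *)   echo "unrestricted" ;;
    esac
}

# Constructed sample file (not from the thread): the last assignment wins.
sample=$(mktemp)
printf '%s\n' '# hardening' 'kernel.dmesg_restrict = 0' '; legacy comment' \
    '-kernel/dmesg_restrict=1' > "$sample"
echo "sample file persists: $(persisted_value "$sample" kernel.dmesg_restrict)"
rm -f "$sample"

# The same check against the paths named in the message.
echo "this host: $(audit_dmesg_restrict /proc/sys/kernel/dmesg_restrict /etc/sysctl.conf)"
```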