Hello Guix,

I think we should set /proc/sys/kernel/dmesg_restrict to 1 by default to
prevent unprivileged users from reading the kernel ring buffer (since it
could expose sensitive information about the system).

Debian does this. I don't know about other distros.

Cheers,
Alex