From mboxrd@z Thu Jan  1 00:00:00 1970
From: Tobias Geerinckx-Rice <me@tobias.gr>
Subject: [PATCH] =?UTF-8?q?gnu:=20linux-libre:=20Restrict=20=E2=80=98dmesg?=
 =?UTF-8?q?=E2=80=99=20to=20privileged=20users.?=
Date: Wed, 17 Jul 2019 09:26:08 +0200
Message-Id: <20190717072608.17678-1-me@tobias.gr>
In-Reply-To: <87r26p9m6h.fsf@nckx>
References: <87r26p9m6h.fsf@nckx>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+kyle=kyleam.com@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+kyle=kyleam.com@gnu.org>
To: guix-devel@gnu.org, guix-patches@gnu.org
List-ID: <guix-patches.gnu.org>

* gnu/packages/linux.scm (%default-extra-linux-options):
Set CONFIG_SECURITY_DMESG_RESTRICT.
---

Re: https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00258.html

Patchy patch.

 gnu/packages/linux.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 30192f195d..73c7083e7c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
     (search-auxiliary-file file)))
 
 (define %default-extra-linux-options
-  `(;; Modules required for initrd:
+  `(;; Some very mild hardening.
+    ("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
+    ;; Modules required for initrd:
     ("CONFIG_NET_9P" . m)
     ("CONFIG_NET_9P_VIRTIO" . m)
     ("CONFIG_VIRTIO_BLK" . m)
-- 
2.22.0