From mboxrd@z Thu Jan 1 00:00:00 1970 From: Tobias Geerinckx-Rice Subject: [PATCH] =?UTF-8?q?gnu:=20linux-libre:=20Restrict=20=E2=80=98dmesg?= =?UTF-8?q?=E2=80=99=20to=20privileged=20users.?= Date: Wed, 17 Jul 2019 09:26:08 +0200 Message-Id: <20190717072608.17678-1-me@tobias.gr> In-Reply-To: <87r26p9m6h.fsf@nckx> References: <87r26p9m6h.fsf@nckx> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-devel" To: guix-devel@gnu.org, guix-patches@gnu.org List-ID: * gnu/packages/linux.scm (%default-extra-linux-options): Set CONFIG_SECURITY_DMESG_RESTRICT. --- Re: https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00258.html Patchy patch. gnu/packages/linux.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 30192f195d..73c7083e7c 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." (search-auxiliary-file file))) (define %default-extra-linux-options - `(;; Modules required for initrd: + `(;; Some very mild hardening. + ("CONFIG_SECURITY_DMESG_RESTRICT" . #t) + ;; Modules required for initrd: ("CONFIG_NET_9P" . m) ("CONFIG_NET_9P_VIRTIO" . m) ("CONFIG_VIRTIO_BLK" . m) -- 2.22.0