[PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.

unofficial mirror of guix-patches@gnu.org 
 help / color / mirror / code / Atom feed

* [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
       [not found] <87r26p9m6h.fsf@nckx>
@ 2019-07-17  7:26 ` Tobias Geerinckx-Rice
       [not found]   ` <87o91gju50.fsf@gnu.org>
  0 siblings, 1 reply; 2+ messages in thread
From: Tobias Geerinckx-Rice @ 2019-07-17  7:26 UTC (permalink / raw)
  To: guix-devel, guix-patches

* gnu/packages/linux.scm (%default-extra-linux-options):
Set CONFIG_SECURITY_DMESG_RESTRICT.
---

Re: https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00258.html

Patchy patch.

 gnu/packages/linux.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 30192f195d..73c7083e7c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
     (search-auxiliary-file file)))
 
 (define %default-extra-linux-options
-  `(;; Modules required for initrd:
+  `(;; Some very mild hardening.
+    ("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
+    ;; Modules required for initrd:
     ("CONFIG_NET_9P" . m)
     ("CONFIG_NET_9P_VIRTIO" . m)
     ("CONFIG_VIRTIO_BLK" . m)
-- 
2.22.0

^ permalink raw reply related	[flat|nested] 2+ messages in thread

[parent not found: <87o91gju50.fsf@gnu.org>]

* bug#36701: [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
       [not found]   ` <87o91gju50.fsf@gnu.org>
@ 2019-07-26 23:19     ` Tobias Geerinckx-Rice via Guix-patches
  0 siblings, 0 replies; 2+ messages in thread
From: Tobias Geerinckx-Rice via Guix-patches @ 2019-07-26 23:19 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 36701-done

[-- Attachment #1: Type: text/plain, Size: 283 bytes --]

Ludo',

Ludovic Courtès 写道：
> Tobias Geerinckx-Rice <me@tobias.gr> skribis:
>
>> * gnu/packages/linux.scm (%default-extra-linux-options):
>> Set CONFIG_SECURITY_DMESG_RESTRICT.
>
> Go for it!

Pushed as 24446ce299943efe3dfded6c9dd0cf9421d8da04.

Thanks!

T G-R

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2019-07-26 23:20 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <87r26p9m6h.fsf@nckx>
2019-07-17  7:26 ` [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users Tobias Geerinckx-Rice
     [not found]   ` <87o91gju50.fsf@gnu.org>
2019-07-26 23:19     ` bug#36701: " Tobias Geerinckx-Rice via Guix-patches

Code repositories for project(s) associated with this public inbox

	https://git.savannah.gnu.org/cgit/guix.git

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).