* [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users. [not found] <87r26p9m6h.fsf@nckx> @ 2019-07-17 7:26 ` Tobias Geerinckx-Rice [not found] ` <87o91gju50.fsf@gnu.org> 0 siblings, 1 reply; 2+ messages in thread From: Tobias Geerinckx-Rice @ 2019-07-17 7:26 UTC (permalink / raw) To: guix-devel, guix-patches * gnu/packages/linux.scm (%default-extra-linux-options): Set CONFIG_SECURITY_DMESG_RESTRICT. --- Re: https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00258.html Patchy patch. gnu/packages/linux.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 30192f195d..73c7083e7c 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." (search-auxiliary-file file))) (define %default-extra-linux-options - `(;; Modules required for initrd: + `(;; Some very mild hardening. + ("CONFIG_SECURITY_DMESG_RESTRICT" . #t) + ;; Modules required for initrd: ("CONFIG_NET_9P" . m) ("CONFIG_NET_9P_VIRTIO" . m) ("CONFIG_VIRTIO_BLK" . m) -- 2.22.0 ^ permalink raw reply related [flat|nested] 2+ messages in thread
[parent not found: <87o91gju50.fsf@gnu.org>]
* bug#36701: [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users. [not found] ` <87o91gju50.fsf@gnu.org> @ 2019-07-26 23:19 ` Tobias Geerinckx-Rice via Guix-patches 0 siblings, 0 replies; 2+ messages in thread From: Tobias Geerinckx-Rice via Guix-patches @ 2019-07-26 23:19 UTC (permalink / raw) To: Ludovic Courtès; +Cc: 36701-done [-- Attachment #1: Type: text/plain, Size: 283 bytes --] Ludo', Ludovic Courtès 写道: > Tobias Geerinckx-Rice <me@tobias.gr> skribis: > >> * gnu/packages/linux.scm (%default-extra-linux-options): >> Set CONFIG_SECURITY_DMESG_RESTRICT. > > Go for it! Pushed as 24446ce299943efe3dfded6c9dd0cf9421d8da04. Thanks! T G-R [-- Attachment #2: signature.asc --] [-- Type: application/pgp-signature, Size: 227 bytes --] ^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-07-26 23:20 UTC | newest] Thread overview: 2+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- [not found] <87r26p9m6h.fsf@nckx> 2019-07-17 7:26 ` [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users Tobias Geerinckx-Rice [not found] ` <87o91gju50.fsf@gnu.org> 2019-07-26 23:19 ` bug#36701: " Tobias Geerinckx-Rice via Guix-patches
Code repositories for project(s) associated with this public inbox https://git.savannah.gnu.org/cgit/guix.git This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).