[PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.

DoneSubmitted by Tobias Geerinckx-Rice.
Details
2 participants
  • Ludovic Courtès
  • Tobias Geerinckx-Rice
Owner
unassigned
Severity
normal
T
T
Tobias Geerinckx-Rice wrote on 17 Jul 2019 09:26
[PATCH] gnu: linux-libre: Restrict ‘dmesg ’ to privileged users.
20190717072608.17678-1-me@tobias.gr
* gnu/packages/linux.scm (%default-extra-linux-options):Set CONFIG_SECURITY_DMESG_RESTRICT.---
Re: https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00258.html
Patchy patch.
gnu/packages/linux.scm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
Toggle diff (17 lines)diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scmindex 30192f195d..73c7083e7c 100644--- a/gnu/packages/linux.scm+++ b/gnu/packages/linux.scm@@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." (search-auxiliary-file file))) (define %default-extra-linux-options- `(;; Modules required for initrd:+ `(;; Some very mild hardening.+ ("CONFIG_SECURITY_DMESG_RESTRICT" . #t)+ ;; Modules required for initrd: ("CONFIG_NET_9P" . m) ("CONFIG_NET_9P_VIRTIO" . m) ("CONFIG_VIRTIO_BLK" . m)-- 2.22.0
L
L
Ludovic Courtès wrote on 27 Jul 2019 00:41
Re: [bug#36701] [PATCH] gnu: linux-libre: Restrict ‘ dmesg’ to privileged users.
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)
87o91gju50.fsf@gnu.org
Tobias Geerinckx-Rice <me@tobias.gr> skribis:
Toggle quote (3 lines)> * gnu/packages/linux.scm (%default-extra-linux-options):> Set CONFIG_SECURITY_DMESG_RESTRICT.
Go for it!
Ludo’.
T
T
Tobias Geerinckx-Rice wrote on 27 Jul 2019 01:19
(name . Ludovic Courtès)(address . ludo@gnu.org)(address . 36701-done@debbugs.gnu.org)
87k1c4gz9a.fsf@nckx
Ludo',
Ludovic Courtès 写道:
Toggle quote (7 lines)> Tobias Geerinckx-Rice <me@tobias.gr> skribis:>>> * gnu/packages/linux.scm (%default-extra-linux-options):>> Set CONFIG_SECURITY_DMESG_RESTRICT.>> Go for it!
Pushed as 24446ce299943efe3dfded6c9dd0cf9421d8da04.
Thanks!
T G-R
-----BEGIN PGP SIGNATURE-----
iHQEARYKAB0WIQT12iAyS4c9C3o4dnINsP+IT1VteQUCXTuKgQAKCRANsP+IT1VteXfQAPYwlOHXveLW3jFfoSJSKG6t3SK+AE/+Kz6qDsgYG+zRAQDnOtwyI2qKsSg6tLNUT4DunOmRb0dkNHqDnFHrLXLTDw===+yZu-----END PGP SIGNATURE-----
Closed
?
Your comment

This issue is archived.

To comment on this conversation send email to 36701@debbugs.gnu.org