[PATCH] gnu: linux-libre: Restrict ‘dmesg ’ to privileged users.
* gnu/packages/linux.scm (%default-extra-linux-options):
Set CONFIG_SECURITY_DMESG_RESTRICT.
---
Patchy patch.
gnu/packages/linux.scm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
Toggle diff (17 lines)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 30192f195d..73c7083e7c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
(search-auxiliary-file file)))
(define %default-extra-linux-options
- `(;; Modules required for initrd:
+ `(;; Some very mild hardening.
+ ("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
+ ;; Modules required for initrd:
("CONFIG_NET_9P" . m)
("CONFIG_NET_9P_VIRTIO" . m)
("CONFIG_VIRTIO_BLK" . m)
--
2.22.0