From unknown Tue Jul 08 04:30:22 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#36701 <36701@debbugs.gnu.org>
To: bug#36701 <36701@debbugs.gnu.org>
Subject: Status: [PATCH] gnu: linux-libre: Restrict =?UTF-8?Q?=E2=80=98dmesg=E2=80=99?=
 to privileged users.
Reply-To: bug#36701 <36701@debbugs.gnu.org>
Date: Tue, 08 Jul 2025 11:30:22 +0000

retitle 36701 [PATCH] gnu: linux-libre: Restrict =E2=80=98dmesg=E2=80=99 to=
 privileged users.
reassign 36701 guix-patches
submitter 36701 Tobias Geerinckx-Rice <me@tobias.gr>
severity 36701 normal
tag 36701 patch

thanks


From debbugs-submit-bounces@debbugs.gnu.org Wed Jul 17 03:26:35 2019
Received: (at submit) by debbugs.gnu.org; 17 Jul 2019 07:26:35 +0000
Received: from localhost ([127.0.0.1]:51458 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hneKg-0004oR-UP
	for submit@debbugs.gnu.org; Wed, 17 Jul 2019 03:26:35 -0400
Received: from lists.gnu.org ([209.51.188.17]:37590)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@tobias.gr>) id 1hneKd-0004oI-DY
 for submit@debbugs.gnu.org; Wed, 17 Jul 2019 03:26:33 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:55853)
 by lists.gnu.org with esmtp (Exim 4.86_2)
 (envelope-from <me@tobias.gr>) id 1hneKc-0003w2-Er
 for guix-patches@gnu.org; Wed, 17 Jul 2019 03:26:31 -0400
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org
X-Spam-Level: 
X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_20,URIBL_BLOCKED
 autolearn=disabled version=3.3.2
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
 (envelope-from <me@tobias.gr>) id 1hneKb-0007pS-76
 for guix-patches@gnu.org; Wed, 17 Jul 2019 03:26:30 -0400
Received: from tobias.gr ([2001:470:7405::1]:54010)
 by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
 (Exim 4.71) (envelope-from <me@tobias.gr>)
 id 1hneKX-0007kP-Mo; Wed, 17 Jul 2019 03:26:26 -0400
Received: by tobias.gr (OpenSMTPD) with ESMTP id 774d058e;
 Wed, 17 Jul 2019 07:26:19 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=tobias.gr; h=from:to
 :subject:date:message-id:in-reply-to:references:mime-version
 :content-type:content-transfer-encoding; s=2018; i=me@tobias.gr;
 bh=yOVMyPtIq8fguryMMaXqLecjf+FWTbo+e9jaJEDRyTE=; b=mnJNsISOyFwa
 hFz6k9q8oCOIWHNxcnbgJQ2m5xHdcpPMohXbgraxAFEz6gqSsx8CdE/qVRrPRPoG
 ZbtX/9wZc9oLKHMl+XQRCOtwKw4MaD2RnxFAWgJqNbl8h4fR0nvnbHCQPSshk8k0
 5R3lImwyucX7cMcGtaIrecypLws8pz7pjkAdsXqASHGrMUJbNzgJNITDLYwjV4kg
 EndA3hh9Pp5FfBOiVZUyKTYPvIhkgggnSFhQ/0gfBe6nxklz+6NOEEjn336ZUPbG
 kJ9k23ddPeiw+F37zOf7oFbXdRGDbTmPB5HFGi7qy9HhxJDsJYQeaAFP04huR6gX
 AiD+u1A0Xg==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 1aacefec
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); 
 Wed, 17 Jul 2019 07:26:19 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@tobias.gr>
To: guix-devel@gnu.org,
	guix-patches@gnu.org
Subject: [PATCH] =?UTF-8?q?gnu:=20linux-libre:=20Restrict=20=E2=80=98dmesg?=
 =?UTF-8?q?=E2=80=99=20to=20privileged=20users.?=
Date: Wed, 17 Jul 2019 09:26:08 +0200
Message-Id: <20190717072608.17678-1-me@tobias.gr>
X-Mailer: git-send-email 2.22.0
In-Reply-To: <87r26p9m6h.fsf@nckx>
References: <87r26p9m6h.fsf@nckx>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-detected-operating-system: by eggs.gnu.org: Genre and OS details not
 recognized.
X-Received-From: 2001:470:7405::1
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

* gnu/packages/linux.scm (%default-extra-linux-options):
Set CONFIG_SECURITY_DMESG_RESTRICT.
---

Re: https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00258.html

Patchy patch.

 gnu/packages/linux.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 30192f195d..73c7083e7c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
     (search-auxiliary-file file)))
 
 (define %default-extra-linux-options
-  `(;; Modules required for initrd:
+  `(;; Some very mild hardening.
+    ("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
+    ;; Modules required for initrd:
     ("CONFIG_NET_9P" . m)
     ("CONFIG_NET_9P_VIRTIO" . m)
     ("CONFIG_VIRTIO_BLK" . m)
-- 
2.22.0





From debbugs-submit-bounces@debbugs.gnu.org Fri Jul 26 18:42:04 2019
Received: (at 36701) by debbugs.gnu.org; 26 Jul 2019 22:42:04 +0000
Received: from localhost ([127.0.0.1]:43445 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hr8uZ-00029u-Lq
	for submit@debbugs.gnu.org; Fri, 26 Jul 2019 18:42:03 -0400
Received: from eggs.gnu.org ([209.51.188.92]:37293)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1hr8uX-00029M-NI
 for 36701@debbugs.gnu.org; Fri, 26 Jul 2019 18:42:02 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e]:59382)
 by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
 id 1hr8uN-0004Ud-8R; Fri, 26 Jul 2019 18:41:52 -0400
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=60848 helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
 (Exim 4.82) (envelope-from <ludo@gnu.org>)
 id 1hr8uL-0002ay-Cy; Fri, 26 Jul 2019 18:41:50 -0400
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Tobias Geerinckx-Rice <me@tobias.gr>
Subject: Re: [bug#36701] [PATCH] gnu: linux-libre: Restrict =?utf-8?B?4oCY?=
 =?utf-8?B?ZG1lc2figJk=?= to privileged users.
References: <87r26p9m6h.fsf@nckx> <20190717072608.17678-1-me@tobias.gr>
Date: Sat, 27 Jul 2019 00:41:47 +0200
In-Reply-To: <20190717072608.17678-1-me@tobias.gr> (Tobias Geerinckx-Rice's
 message of "Wed, 17 Jul 2019 09:26:08 +0200")
Message-ID: <87o91gju50.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 36701
Cc: guix-devel@gnu.org, 36701@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Tobias Geerinckx-Rice <me@tobias.gr> skribis:

> * gnu/packages/linux.scm (%default-extra-linux-options):
> Set CONFIG_SECURITY_DMESG_RESTRICT.

Go for it!

Ludo=E2=80=99.




From debbugs-submit-bounces@debbugs.gnu.org Fri Jul 26 19:19:36 2019
Received: (at 36701-done) by debbugs.gnu.org; 26 Jul 2019 23:19:36 +0000
Received: from localhost ([127.0.0.1]:43466 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1hr9Uu-0005FP-4V
	for submit@debbugs.gnu.org; Fri, 26 Jul 2019 19:19:36 -0400
Received: from tobias.gr ([80.241.217.52]:57354)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@tobias.gr>) id 1hr9Uq-0005FC-PJ
 for 36701-done@debbugs.gnu.org; Fri, 26 Jul 2019 19:19:34 -0400
Received: by tobias.gr (OpenSMTPD) with ESMTP id eaf0d874;
 Fri, 26 Jul 2019 23:19:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=tobias.gr; h=from:to:cc
 :subject:references:in-reply-to:date:message-id:mime-version
 :content-type; s=2018; i=me@tobias.gr; bh=MRXPzSoxeB0GqNLaFyV8bF
 l9G6OVdeNzwAHlb3wgpUs=; b=O/x8P+/Q7YuHq36OkInfKcXOb/8W9OOeNOod95
 Q6ZXDeTvFn8e24yarrNacojiHaQ6uCGL9URirmm57d1Sj2gUrctukRVDrY6JPAC2
 +hyWkmKP47pIsaAph2qhOQyyqmeFuajkQp0W1W4yxGdjVYt7urzXcJdwkZoe1FUN
 ds06vJt9O16Aw4R5kCYEQyyZ6qC5z+F6UlAP1hr4k2kR0n3O/PF1CmSyJ3f9736j
 MUkVKAGO48Q8ZwUiwvRzAljWnaTwvtLBdDdHJEKNH6eRCt5m3NNsHPRf13jjM2Ir
 fFcQsKBDWpbp2x7YNnPcbakOt//UJWBrTeFpGvKtjVTe4C9g==
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 548eee0f
 (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256:NO); 
 Fri, 26 Jul 2019 23:19:30 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@tobias.gr>
To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Subject: Re: [bug#36701] [PATCH] gnu: linux-libre: Restrict =?utf-8?B?4oCY?=
 =?utf-8?B?ZG1lc2figJk=?= to privileged users.
References: <87r26p9m6h.fsf@nckx> <20190717072608.17678-1-me@tobias.gr>
 <87o91gju50.fsf@gnu.org>
In-reply-to: <87o91gju50.fsf@gnu.org>
Date: Sat, 27 Jul 2019 01:19:29 +0200
Message-ID: <87k1c4gz9a.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 36701-done
Cc: 36701-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Ludo',

Ludovic Court=C3=A8s =E5=86=99=E9=81=93=EF=BC=9A
> Tobias Geerinckx-Rice <me@tobias.gr> skribis:
>
>> * gnu/packages/linux.scm (%default-extra-linux-options):
>> Set CONFIG_SECURITY_DMESG_RESTRICT.
>
> Go for it!

Pushed as 24446ce299943efe3dfded6c9dd0cf9421d8da04.

Thanks!

T G-R

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHQEARYKAB0WIQT12iAyS4c9C3o4dnINsP+IT1VteQUCXTuKgQAKCRANsP+IT1Vt
eXfQAPYwlOHXveLW3jFfoSJSKG6t3SK+AE/+Kz6qDsgYG+zRAQDnOtwyI2qKsSg6
tLNUT4DunOmRb0dkNHqDnFHrLXLTDw==
=+yZu
-----END PGP SIGNATURE-----
--=-=-=--




From unknown Tue Jul 08 04:30:22 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Sat, 24 Aug 2019 11:24:03 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator