GNU bug report logs - #36701
[PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.

Previous Next

Package: guix-patches;

Reported by: Tobias Geerinckx-Rice <me <at> tobias.gr>

Date: Wed, 17 Jul 2019 07:27:02 UTC

Severity: normal

Tags: patch

Done: Tobias Geerinckx-Rice <me <at> tobias.gr>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Tobias Geerinckx-Rice <me <at> tobias.gr>
Subject: bug#36701: closed (Re: [bug#36701] [PATCH] gnu: linux-libre:
 Restrict ‘dmesg’ to privileged users.)
Date: Fri, 26 Jul 2019 23:20:04 +0000

[Message part 1 (text/plain, inline)]

Your bug report

#36701: [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 36701 <at> debbugs.gnu.org.

-- 
36701: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=36701
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems

[Message part 2 (message/rfc822, inline)]

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 36701-done <at> debbugs.gnu.org
Subject: Re: [bug#36701] [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
Date: Sat, 27 Jul 2019 01:19:29 +0200

[Message part 3 (text/plain, inline)]

Ludo',

Ludovic Courtès 写道：
> Tobias Geerinckx-Rice <me <at> tobias.gr> skribis:
>
>> * gnu/packages/linux.scm (%default-extra-linux-options):
>> Set CONFIG_SECURITY_DMESG_RESTRICT.
>
> Go for it!

Pushed as 24446ce299943efe3dfded6c9dd0cf9421d8da04.

Thanks!

T G-R

[signature.asc (application/pgp-signature, inline)]

[Message part 5 (message/rfc822, inline)]

From: Tobias Geerinckx-Rice <me <at> tobias.gr>
To: guix-devel <at> gnu.org,
	guix-patches <at> gnu.org
Subject: [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
Date: Wed, 17 Jul 2019 09:26:08 +0200

* gnu/packages/linux.scm (%default-extra-linux-options):
Set CONFIG_SECURITY_DMESG_RESTRICT.
---

Re: https://lists.gnu.org/archive/html/guix-devel/2019-07/msg00258.html

Patchy patch.

 gnu/packages/linux.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 30192f195d..73c7083e7c 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -273,7 +273,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
     (search-auxiliary-file file)))
 
 (define %default-extra-linux-options
-  `(;; Modules required for initrd:
+  `(;; Some very mild hardening.
+    ("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
+    ;; Modules required for initrd:
     ("CONFIG_NET_9P" . m)
     ("CONFIG_NET_9P_VIRTIO" . m)
     ("CONFIG_VIRTIO_BLK" . m)
-- 
2.22.0

This bug report was last modified 5 years and 320 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #36701 [PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.

GNU bug report logs - #36701
[PATCH] gnu: linux-libre: Restrict ‘dmesg’ to privileged users.