security,printk: Enable SECURITY_DMESG_RESTRICT

This prevents non-root users reading the kernel log by default (sysctl: kernel.dmesg_restrict)
2016-10-07 02:57:54 +01:00 · 2016-10-07 02:57:54 +01:00 · f3b836ba7c
parent 298af9afcc
commit f3b836ba7c
2 changed files with 3 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -19,6 +19,8 @@ linux (4.8-1~exp1) UNRELEASED; urgency=medium
  * [powerpc*/*64*] Enable OPAL_PRD, MTD, MTD_POWERNV_FLASH as modules
    (Closes: #838604, #838605)
  * Compile with gcc-6 on all architectures
+  * security,printk: Enable SECURITY_DMESG_RESTRICT, preventing non-root users
+    reading the kernel log by default (sysctl: kernel.dmesg_restrict)

 -- Ben Hutchings <ben@decadent.org.uk>  Sat, 01 Oct 2016 21:51:33 +0100

--- a/debian/config/config
+++ b/debian/config/config
@ -6643,6 +6643,7 @@ CONFIG_NET_KEY_MIGRATE=y
 ##
 ## file: security/Kconfig
 ##
+CONFIG_SECURITY_DMESG_RESTRICT=y
 CONFIG_SECURITY_PERF_EVENTS_RESTRICT=y
 CONFIG_SECURITY=y
 CONFIG_SECURITY_NETWORK=y