aboutsummaryrefslogtreecommitdiff
path: root/gnu
diff options
context:
space:
mode:
authorTobias Geerinckx-Rice <me@tobias.gr>2019-07-17 09:09:15 +0200
committerTobias Geerinckx-Rice <me@tobias.gr>2019-07-27 01:18:24 +0200
commit24446ce299943efe3dfded6c9dd0cf9421d8da04 (patch)
treeff19a975251daf7ad45fec61016258bd606cf9f8 /gnu
parent4b0356590a57bc27a61956b981f4a90efcf9c92d (diff)
downloadguix-24446ce299943efe3dfded6c9dd0cf9421d8da04.tar.gz
guix-24446ce299943efe3dfded6c9dd0cf9421d8da04.zip
gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
* gnu/packages/linux.scm (%default-extra-linux-options): Set CONFIG_SECURITY_DMESG_RESTRICT.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/packages/linux.scm4
1 files changed, 3 insertions, 1 deletions
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 52883282e8..4689c61a58 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -561,7 +561,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
(search-auxiliary-file file)))
(define %default-extra-linux-options
- `(;; Modules required for initrd:
+ `(;; Some very mild hardening.
+ ("CONFIG_SECURITY_DMESG_RESTRICT" . #t)
+ ;; Modules required for initrd:
("CONFIG_NET_9P" . m)
("CONFIG_NET_9P_VIRTIO" . m)
("CONFIG_VIRTIO_BLK" . m)