diff options
author | Tobias Geerinckx-Rice <me@tobias.gr> | 2019-07-17 09:09:15 +0200 |
---|---|---|
committer | Tobias Geerinckx-Rice <me@tobias.gr> | 2019-07-27 01:18:24 +0200 |
commit | 24446ce299943efe3dfded6c9dd0cf9421d8da04 (patch) | |
tree | ff19a975251daf7ad45fec61016258bd606cf9f8 /gnu | |
parent | 4b0356590a57bc27a61956b981f4a90efcf9c92d (diff) | |
download | guix-24446ce299943efe3dfded6c9dd0cf9421d8da04.tar.gz guix-24446ce299943efe3dfded6c9dd0cf9421d8da04.zip |
gnu: linux-libre: Restrict ‘dmesg’ to privileged users.
* gnu/packages/linux.scm (%default-extra-linux-options):
Set CONFIG_SECURITY_DMESG_RESTRICT.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/packages/linux.scm | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm index 52883282e8..4689c61a58 100644 --- a/gnu/packages/linux.scm +++ b/gnu/packages/linux.scm @@ -561,7 +561,9 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration." (search-auxiliary-file file))) (define %default-extra-linux-options - `(;; Modules required for initrd: + `(;; Some very mild hardening. + ("CONFIG_SECURITY_DMESG_RESTRICT" . #t) + ;; Modules required for initrd: ("CONFIG_NET_9P" . m) ("CONFIG_NET_9P_VIRTIO" . m) ("CONFIG_VIRTIO_BLK" . m) |