Enable SECURITY_DMESG_RESTRICT

Default on Debian, and seems to be reasonable for us since we also don't
allow access to the system journal by default.
This commit is contained in:
Jan Alexander Steffens 2020-12-31 01:18:17 +00:00
parent b54786ee1f
commit 45857ed86c
2 changed files with 2 additions and 2 deletions

View File

@ -25,7 +25,7 @@ validpgpkeys=(
'A2FF3A36AAA56654109064AB19802F8B0D70FC30' # Jan Alexander Steffens (heftig) 'A2FF3A36AAA56654109064AB19802F8B0D70FC30' # Jan Alexander Steffens (heftig)
) )
sha256sums=('SKIP' sha256sums=('SKIP'
'7e0c92e110045ae4af377d8a234b171d3732280bd973b3b304e054ee604e8e9e') '7dd327c5d557b4d860676481f3b5f1c35d5335a53a0604f0289b7b02a4f54423')
export KBUILD_BUILD_HOST=archlinux export KBUILD_BUILD_HOST=archlinux
export KBUILD_BUILD_USER=$pkgbase export KBUILD_BUILD_USER=$pkgbase

2
config
View File

@ -9329,7 +9329,7 @@ CONFIG_TRUSTED_KEYS=m
CONFIG_ENCRYPTED_KEYS=m CONFIG_ENCRYPTED_KEYS=m
CONFIG_KEY_DH_OPERATIONS=y CONFIG_KEY_DH_OPERATIONS=y
CONFIG_KEY_NOTIFICATIONS=y CONFIG_KEY_NOTIFICATIONS=y
# CONFIG_SECURITY_DMESG_RESTRICT is not set CONFIG_SECURITY_DMESG_RESTRICT=y
CONFIG_SECURITY=y CONFIG_SECURITY=y
CONFIG_SECURITYFS=y CONFIG_SECURITYFS=y
CONFIG_SECURITY_NETWORK=y CONFIG_SECURITY_NETWORK=y