factory-default: define kernel.dmesg_restrict sysctl

author: Bertrand Jacquin <bertrand@jacquin.bzh> 2019-11-02 15:46:28 +0000
committer: Bertrand Jacquin <bertrand@jacquin.bzh> 2019-11-02 15:46:28 +0000
commit: b4b45dc731920c40eb8b5ba359f61e77cebfbe41 (patch)
tree: 099df03113da8b78160927e4509cbf92d3343d3a
parent: factory-default: define kernel.pid_max sysctl (diff)
download: portage-b4b45dc731920c40eb8b5ba359f61e77cebfbe41.tar.xz
1 files changed, 3 insertions, 0 deletions
diff --git a/factory-default/sys-apps/baselayout/etc/sysctl.conf b/factory-default/sys-apps/baselayout/etc/sysctl.conf
index f8429068..7a328896 100644
--- a/factory-default/sys-apps/baselayout/etc/sysctl.conf
+++ b/factory-default/sys-apps/baselayout/etc/sysctl.conf
@@ -32,6 +32,9 @@ kernel.kptr_restrict = 2
 # PID allocation wrap value
 kernel.pid_max = 4194304
 
+# Users must have CAP_SYSLOG to use dmesg
+kernel.dmesg_restrict = 1
+
 # Do not allow O_CREAT open on regular files that we don't own in world
 # writable sticky directories, unless they are owned by the owner of the
 # directory
author	Bertrand Jacquin <bertrand@jacquin.bzh>	2019-11-02 15:46:28 +0000
committer	Bertrand Jacquin <bertrand@jacquin.bzh>	2019-11-02 15:46:28 +0000
commit	b4b45dc731920c40eb8b5ba359f61e77cebfbe41 (patch)
tree	099df03113da8b78160927e4509cbf92d3343d3a
parent	factory-default: define kernel.pid_max sysctl (diff)
download	portage-b4b45dc731920c40eb8b5ba359f61e77cebfbe41.tar.xz