nixos/hardened: don't set kernel.dmesg_restrict

Upstreamed in anthraxx/linux-hardened@e3d3f13ffb.
2020-04-05 04:57:03 +01:00 · 2020-04-05 04:57:03 +01:00 · 9da578a78f
parent cf1bce6a7a
commit 9da578a78f
1 changed files with 0 additions and 3 deletions
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@ -76,9 +76,6 @@ with lib;
  # (e.g., parent/child)
  boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;

-  # Restrict access to kernel ring buffer (information leaks)
-  boot.kernel.sysctl."kernel.dmesg_restrict" = mkDefault true;
-
  # Hide kptrs even for processes with CAP_SYSLOG
  boot.kernel.sysctl."kernel.kptr_restrict" = mkOverride 500 2;