Set /proc/sys/kernel/dmesg_restrict to 1 Set dmesg_restrict to 1 to help limit inadvertent information leaks from the kernel to non-privileged programs. Root and programs with CAP_SYSLOG will continue to have access to dmesg output. See "dmesg_restrict" in Documentation/sysctl/kernel.txt from the Linux kernel source code. Bug: 5585365 Change-Id: Iffcf060ea4bd446ab9acf62b8b61d315d4ec4633

commit: f9557fba347bcb837892458fabd7454e1a1a4d6a [log] [tgz]
author: Nick Kralevich <nnk@google.com> Tue Nov 08 14:38:53 2011 -0800
committer: Nick Kralevich <nnk@google.com> Tue Nov 08 14:46:19 2011 -0800
tree: fc8945959394b9ff2a4486f9f9b0ae031dacae71
parent: 1e339a710e0993c18c8b96f9224ebd3aa29cf8cd [diff] [blame]
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 235533f..f44d89a 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc

@@ -69,6 +69,7 @@
     write /proc/sys/kernel/sched_child_runs_first 0
     write /proc/sys/kernel/randomize_va_space 2
     write /proc/sys/kernel/kptr_restrict 2
+    write /proc/sys/kernel/dmesg_restrict 1
 
 # Create cgroup mount points for process groups
     mkdir /dev/cpuctl
commit	f9557fba347bcb837892458fabd7454e1a1a4d6a	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Tue Nov 08 14:38:53 2011 -0800
committer	Nick Kralevich <nnk@google.com>	Tue Nov 08 14:46:19 2011 -0800
tree	fc8945959394b9ff2a4486f9f9b0ae031dacae71
parent	1e339a710e0993c18c8b96f9224ebd3aa29cf8cd [diff] [blame]