Turn on SECURITY_DMESG_RESTRICT

Justin M. Forbesrequested to merge
jmflinuxtx/kernel-ark:dmesg into os-build

It was requested by ProdSec that we enable SECURITY_DMESG_RESTRICT as this makes several security bugs more difficult to exploit. It should be noted that this just controls the default setting of kernel.dmesg_restrict sysctl and thus can be always set back to 0 at runtime. Users in the wheel group also have access to journalctl -k or sudo for dmesg access without giving it to every user on the system.

Signed-off-by: Justin M. Forbes jforbes@fedoraproject.org

Merge request reports