Stephen Morris wrote:
> Just a query first off, why do I need to run dmesg under sudo for it to
> produce its output?
In Fedora 39 (or there about), the CONFIG_SECURITY_DMESG_RESTRICT kernel
config was changed. The commit in the Fedora kernel source tree
provides some useful details¹:
Turn on SECURITY_DMESG_RESTRICT
It was requested by ProdSec that we enable SECURITY_DMESG_RESTRICT
as this makes several security bugs more difficult to exploit. It
should be noted that this just controls the default setting of
kernel.dmesg_restrict sysctl and thus can be always set back to 0 at
runtime. Users in the wheel group also have access to journalctl -k
or sudo for dmesg access without giving it to every user on the
system.
¹ https://gitlab.com/cki-project/kernel-ark/-/commit/ed5ba266c6
--
Todd
Attachment:
signature.asc
Description: PGP signature
-- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
