On Tue, Feb 27, 2024 at 2:16 PM Richard W.M. Jones <rjones@xxxxxxxxxx> wrote: > > > https://gitlab.com/cki-project/kernel-ark/-/commit/ed5ba266c61e01a52359b5793a627e7c9aae8854 > > Why wasn't this a Fedora change proposal? > > Also the justification given for such a major change is very thin. > I'm sure product security can give us some more details of precisely > what exploits will be mitigated, in the change proposal. In practice, this isn't that much of a lockdown for most fedora users. We give the default user on a system wheel access which means both 'sudo dmesg' and 'journalctl -k' work as is. While giving existing CVE numbers that are easier/possible to exploit doesn't much matter because they should be fixed already, It gets rid of a number of exploits where you need information that is only available via oops etc. Justin > Rich. > > -- > Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones > Read my programming and virtualization blog: http://rwmj.wordpress.com > libguestfs lets you edit virtual machines. Supports shell scripting, > bindings from many languages. http://libguestfs.org > -- > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx > Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
