tripleo-heat-templates/releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml

12 lines
438 B
YAML
Raw Normal View History

---
upgrade:
- |
The kernel.dmesg_restrict is now set to 1 to prevent exposure of sensitive
kernel address information with unprivileged access. Deployments that set
or depend on values other than 1 for kernel.dmesg_restrict may be affected
by upgrading.
security:
- |
Kernel syslog contains sensitive kernel address information, setting
kernel.dmesg_restrict to avoid unprivileged access to this information.