Merge "Restrict Access to Kernel Message Buffer"

This commit is contained in:
Jenkins 2017-03-28 05:58:06 +00:00 committed by Gerrit Code Review
commit 0e76a20cae
2 changed files with 13 additions and 0 deletions

View File

@ -56,5 +56,7 @@ outputs:
value: 10000
kernel.pid_max:
value: {get_param: KernelPidMax}
kernel.dmesg_restrict:
value: 1
step_config: |
include ::tripleo::profile::base::kernel

View File

@ -0,0 +1,11 @@
---
upgrade:
- |
The kernel.dmesg_restrict is now set to 1 to prevent exposure of sensitive
kernel address information with unprivileged access. Deployments that set
or depend on values other than 1 for kernel.dmesg_restrict may be affected
by upgrading.
security:
- |
Kernel syslog contains sensitive kernel address information, setting
kernel.dmesg_restrict to avoid unprivileged access to this information.