Browse Source

Merge "Restrict Access to Kernel Message Buffer"

changes/58/442458/4
Jenkins 5 years ago committed by Gerrit Code Review
parent
commit
0e76a20cae
  1. 2
      puppet/services/kernel.yaml
  2. 11
      releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml

2
puppet/services/kernel.yaml

@ -56,5 +56,7 @@ outputs:
value: 10000
kernel.pid_max:
value: {get_param: KernelPidMax}
kernel.dmesg_restrict:
value: 1
step_config: |
include ::tripleo::profile::base::kernel

11
releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml

@ -0,0 +1,11 @@
---
upgrade:
- |
The kernel.dmesg_restrict is now set to 1 to prevent exposure of sensitive
kernel address information with unprivileged access. Deployments that set
or depend on values other than 1 for kernel.dmesg_restrict may be affected
by upgrading.
security:
- |
Kernel syslog contains sensitive kernel address information, setting
kernel.dmesg_restrict to avoid unprivileged access to this information.
Loading…
Cancel
Save