Merge "Restrict Access to Kernel Message Buffer"
commit
0e76a20cae
|
@ -56,5 +56,7 @@ outputs:
|
||||||
value: 10000
|
value: 10000
|
||||||
kernel.pid_max:
|
kernel.pid_max:
|
||||||
value: {get_param: KernelPidMax}
|
value: {get_param: KernelPidMax}
|
||||||
|
kernel.dmesg_restrict:
|
||||||
|
value: 1
|
||||||
step_config: |
|
step_config: |
|
||||||
include ::tripleo::profile::base::kernel
|
include ::tripleo::profile::base::kernel
|
||||||
|
|
|
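Review bot: The new `kernel.dmesg_restrict` entry hardcodes `value: 1`, while the `kernel.pid_max` entry directly above it takes its value from `{get_param: KernelPidMax}`. The release note in this change says deployments that set or depend on other values may be affected, so consider exposing this setting through a parameter with a default of 1 in the same way, letting operators override it without editing the template. If the hardcoding is intentional, a short comment next to the entry saying so would help.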
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
upgrade:
|
||||||
|
- |
|
||||||
|
The kernel.dmesg_restrict is now set to 1 to prevent exposure of sensitive
|
||||||
|
kernel address information with unprivileged access. Deployments that set
|
||||||
|
or depend on values other than 1 for kernel.dmesg_restrict may be affected
|
||||||
|
by upgrading.
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
Kernel syslog contains sensitive kernel address information, setting
|
||||||
|
kernel.dmesg_restrict to avoid unprivileged access to this information.
|
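Review bot: The `upgrade` entry warns that deployments relying on a value other than 1 "may be affected by upgrading" but does not say what changes for them or whether the value can be overridden. One sentence on the visible effect (with the setting at 1, reading the kernel log through dmesg requires CAP_SYSLOG) would make the note actionable. In the `security` entry, "setting kernel.dmesg_restrict to avoid unprivileged access to this information" is a comma splice and omits the value being set; phrasing it like the upgrade entry ("kernel.dmesg_restrict is now set to 1 to ...") would read more clearly.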