openstack/tripleo-heat-templates
Code Issues Proposed changes
5162183615
tripleo-heat-templates/releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml
zshi 51c91597fb Restrict Access to Kernel Message Buffer 
Unprivileged access to the kernel syslog can expose sensitive
kernel address information.

Change-Id: If40f1b883dfde6c7870bf9c463753d037867c9e2
Signed-off-by: zshi <zshi@redhat.com>
2017-03-22 07:20:32 +08:00

12 lines
438 B
YAML
Raw Blame History

---
upgrade:
- |
The kernel.dmesg_restrict is now set to 1 to prevent exposure of sensitive
kernel address information with unprivileged access. Deployments that set
or depend on values other than 1 for kernel.dmesg_restrict may be affected
by upgrading.
security:
- |
Kernel syslog contains sensitive kernel address information, setting
kernel.dmesg_restrict to avoid unprivileged access to this information.
View Git Blame Copy Permalink