aboutsummaryrefslogtreecommitdiffstats
path: root/puppet/services/kernel.yaml
diff options
context:
space:
mode:
authorzshi <zshi@redhat.com>2017-03-20 16:12:32 +0800
committerzshi <zshi@redhat.com>2017-03-22 07:20:32 +0800
commit51c91597fbad0155b8cab62c8d12cbc01d44ed74 (patch)
tree2f37a0454cf405d41b2e65c095a0524ff0d33e7e /puppet/services/kernel.yaml
parente0bd63c826e687d9019b76297e9375f3b0608c2e (diff)
Restrict Access to Kernel Message Buffer
Unprivileged access to the kernel syslog can expose sensitive kernel address information. Change-Id: If40f1b883dfde6c7870bf9c463753d037867c9e2 Signed-off-by: zshi <zshi@redhat.com>
Diffstat (limited to 'puppet/services/kernel.yaml')
-rw-r--r--puppet/services/kernel.yaml2
1 files changed, 2 insertions, 0 deletions
diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index fec455d1..ee4c771f 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -56,5 +56,7 @@ outputs:
value: 10000
kernel.pid_max:
value: {get_param: KernelPidMax}
+ kernel.dmesg_restrict:
+ value: 1
step_config: |
include ::tripleo::profile::base::kernel