diff options
author | Jenkins <jenkins@review.openstack.org> | 2017-03-28 05:58:06 +0000 |
---|---|---|
committer | Gerrit Code Review <review@openstack.org> | 2017-03-28 05:58:06 +0000 |
commit | 0e76a20cae6008ae5cf13e7a1d87de154f6e0c40 (patch) | |
tree | 49f8ac1f546f77770e1b627a2359f9a80caed023 /releasenotes | |
parent | f1c452fcf672b2543a06576cf55c8eb9e8f2061f (diff) | |
parent | 51c91597fbad0155b8cab62c8d12cbc01d44ed74 (diff) |
Merge "Restrict Access to Kernel Message Buffer"
Diffstat (limited to 'releasenotes')
-rw-r--r-- | releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml b/releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml new file mode 100644 index 00000000..c24e8921 --- /dev/null +++ b/releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml @@ -0,0 +1,11 @@ +--- +upgrade: + - | + The kernel.dmesg_restrict is now set to 1 to prevent exposure of sensitive + kernel address information with unprivileged access. Deployments that set + or depend on values other than 1 for kernel.dmesg_restrict may be affected + by upgrading. +security: + - | + Kernel syslog contains sensitive kernel address information, setting + kernel.dmesg_restrict to avoid unprivileged access to this information. |