From 51c91597fbad0155b8cab62c8d12cbc01d44ed74 Mon Sep 17 00:00:00 2001
From: zshi <zshi@redhat.com>
Date: Mon, 20 Mar 2017 16:12:32 +0800
Subject: Restrict Access to Kernel Message Buffer

Unprivileged access to the kernel syslog can expose sensitive
kernel address information.

Change-Id: If40f1b883dfde6c7870bf9c463753d037867c9e2
Signed-off-by: zshi <zshi@redhat.com>
---
 puppet/services/kernel.yaml | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'puppet/services/kernel.yaml')

diff --git a/puppet/services/kernel.yaml b/puppet/services/kernel.yaml
index fec455d1..ee4c771f 100644
--- a/puppet/services/kernel.yaml
+++ b/puppet/services/kernel.yaml
@@ -56,5 +56,7 @@ outputs:
             value: 10000
           kernel.pid_max:
             value: {get_param: KernelPidMax}
+          kernel.dmesg_restrict:
+            value: 1
       step_config: |
         include ::tripleo::profile::base::kernel
-- 
cgit 1.2.3-korg