From 51c91597fbad0155b8cab62c8d12cbc01d44ed74 Mon Sep 17 00:00:00 2001
From: zshi <zshi@redhat.com>
Date: Mon, 20 Mar 2017 16:12:32 +0800
Subject: Restrict Access to Kernel Message Buffer

Unprivileged access to the kernel syslog can expose sensitive
kernel address information.

Change-Id: If40f1b883dfde6c7870bf9c463753d037867c9e2
Signed-off-by: zshi <zshi@redhat.com>
---
 ...rict-access-to-kernel-message-buffer-809160674b92a073.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml

(limited to 'releasenotes')

diff --git a/releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml b/releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml
new file mode 100644
index 00000000..c24e8921
--- /dev/null
+++ b/releasenotes/notes/restrict-access-to-kernel-message-buffer-809160674b92a073.yaml
@@ -0,0 +1,11 @@
+---
+upgrade:
+  - |
+    The kernel.dmesg_restrict is now set to 1 to prevent exposure of sensitive
+    kernel address information with unprivileged access. Deployments that set
+    or depend on values other than 1 for kernel.dmesg_restrict may be affected
+    by upgrading.
+security:
+  - |
+    Kernel syslog contains sensitive kernel address information, setting
+    kernel.dmesg_restrict to avoid unprivileged access to this information.
-- 
cgit 1.2.3-korg