I was thinking about this over the weekend, and I think we overlooked the impact of setting CONFIG_SECURITY_DMESG_RESTRICT in the kernel config has on downstream users of Groovy's kernel, namely when it becomes Focal's HWE kernel.
Focal won't be receiving any patches for /usr/bin/dmesg, so I think it is better to not set CONFIG_SECURITY_DMESG_RESTRICT in kernel config, but to instead set kernel.dmesg_restrict systctl to 1 in /etc/sysctl.d/10-kernel-hardening.conf. This would ensure it only changes Groovy onward, and doesn't cause any regressions for Focal HWE users. I have emailed Seth Forshee asking to revert the config change. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1886112 Title: Enabling DMESG_RESTRICT in Groovy Onward To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1886112/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
