From 9da578a78f6f442a193bd15af3c1c4544b1ff156 Mon Sep 17 00:00:00 2001
From: Emily
Date: Sun, 5 Apr 2020 04:57:03 +0100
Subject: nixos/hardened: don't set kernel.dmesg_restrict
Upstreamed in anthraxx/linux-hardened@e3d3f13ffb1a5ff507a8ecae52e3d1fa05d30a07.
---
 nixos/modules/profiles/hardened.nix | 3 ---
 1 file changed, 3 deletions(-)
(limited to 'nixos')
diff --git a/nixos/modules/profiles/hardened.nix b/nixos/modules/profiles/hardened.nix
index 8a2763faec08..052909d63f53 100644
--- a/nixos/modules/profiles/hardened.nix
+++ b/nixos/modules/profiles/hardened.nix
@@ -76,9 +76,6 @@ with lib;
 # (e.g., parent/child)
 boot.kernel.sysctl."kernel.yama.ptrace_scope" = mkOverride 500 1;
- # Restrict access to kernel ring buffer (information leaks)
- boot.kernel.sysctl."kernel.dmesg_restrict" = mkDefault true;
-
 # Hide kptrs even for processes with CAP_SYSLOG
 boot.kernel.sysctl."kernel.kptr_restrict" = mkOverride 500 2;
-- 
cgit 1.4.1