On 2022-01-31 18:20, Michal Kubecek wrote:
On Sat, Jan 29, 2022 at 05:54:17PM +0100, Marcus Meissner wrote:
On Sat, Jan 29, 2022 at 05:37:48PM +0100, Stefan Seyfried wrote:
Hi all,
I just found that I could not do "dmesg" as normal user in a Leap 15.3 installation. I'm used to be able to do this from my Factory machines.
Investigation showed, that Leap's kernel sets CONFIG_SECURITY_DMESG_RESTRICT=y while the Factory kernel (at least kernel-vanilla and kernel-default from Kernel:HEAD) does not.
I do not care which default is chosen, but for consistency I'd suggest to settle for one of the two possible options ;-)
FWIW, the reason is that Leap 15.3 now uses the SLES 15 SP3 kernel directly, and that is locked down in this regard.
I fear Tumbleweed is different to that.
Perhaps we can also enable it for Tumbleweed?
For the record, this was already discussed in bsc#1157066 after the value had been changed by accident. We reverted the change (in Tumbleweed) but only because the restriction was added by accident rather than as a conscious decision. My take from the bugzilla discussion was that nobody really cares too much.
Well, it means that when aiding some newby with a problem and we tell him to look at dmesg output, we will also need to tell him to use sudo or su. No big deal, but it is something to remember as it changes the procedure used for decades. Maybe it is more secure. Dunno. I thought that SLE has decided this change for the improved security (aka secrecy) it means ;-) -- Cheers / Saludos, Carlos E. R. (from 15.3 x86_64 at Telcontar)