Enabling the kernel's DMESG_RESTRICT feature

[Matt Zimmerman]

On Thu, May 26, 2011 at 04:55:59PM -0700, Kees Cook wrote:
> I won't say it doesn't complicate things, but I would like to point out
> that everyone else's suggestion for this is to completely remove the values
> from the dmesg report itself, rendering it unavailable to any user, even
> root.

It seems we are forced into this dichotomy because there is only one log,
which is mixing different types of information.  Has anyone proposed
separating kernel debugging information from simple status logging, and
allowing the remainder to remain accessible to users?

-- 
 - mdz