[ubuntu-hardened] dmesg restrict.

Kees Cook kees at ubuntu.com
Tue Dec 18 20:30:18 UTC 2012

On Tue, Dec 18, 2012 at 08:28:22PM +0100, daniel curtis wrote:
> Ubuntu offers an interesting option to restrict dmesg? It is available
> via /proc/sys/kernel/dmesg_restrict, but the default setting is: *0*.
> Is there any way to enable it - change to *1*? When I'm trying to do
> it using sudo, I've got an error:
> /proc/sys/kernel/dmesg_restrict: Permission denied

I suspect you're accidentally redirecting to the file outside of sudo. For
sysctls, I recommend using the "sysctl" command:

sudo sysctl kernel.dmesg_restrict=1

or setting to be the default at boot time:

sudo -s
cat >/etc/sysctl.d/90-dmesg.conf <<EOM
# Turn on dmesg restrictions
kernel.dmesg_restrict = 1


Kees Cook

More information about the ubuntu-hardened mailing list