Set /proc/sys/kernel/dmesg_restrict to 1
Set dmesg_restrict to 1 to help limit inadvertent information leaks
from the kernel to non-privileged programs. Root and programs with
CAP_SYSLOG will continue to have access to dmesg output.
See "dmesg_restrict" in Documentation/sysctl/kernel.txt from the
Linux kernel source code.
Bug: 5585365
Change-Id: Iffcf060ea4bd446ab9acf62b8b61d315d4ec4633
diff --git a/rootdir/init.rc b/rootdir/init.rc
index 235533f..f44d89a 100644
--- a/rootdir/init.rc
+++ b/rootdir/init.rc
@@ -69,6 +69,7 @@
write /proc/sys/kernel/sched_child_runs_first 0
write /proc/sys/kernel/randomize_va_space 2
write /proc/sys/kernel/kptr_restrict 2
+ write /proc/sys/kernel/dmesg_restrict 1
# Create cgroup mount points for process groups
mkdir /dev/cpuctl