Jan 15 2020
Jan 1 2020
Dec 25 2019
Dec 24 2019
This just prevents writing to /dev/kmsg. It doesn't stop kernel logs being displayed during boot.
Still wondering if initramfs modification this can be avoided... Still wondering if kernel.printk can be set through a kernel parameter. Looking again at https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/kernel-parameters.txt...
We can use a sysctl.d drop-in and an initramfs hook in security-misc so non-initramfs users will still be mostly protected.
I guess because a sysctl.d drop-in config file is easy and catches most.
initramfs hook covers only initramfs users. Not dracut. But
security-misc initramfs hook sounds good enough. dracut support can
come later, if ever. Please implement.
Why not use an initramfs hook in security-misc? Not everyone will have security-misc and apparmor-profile-everything installed. Users with just security-misc installed will still have some kernel logs shown during early boot.
Yes. Probably both. initramfs for apparmor-profile-everything users and
Dec 23 2019
Should this be set in the initramfs?