Mon, Sep 28
Looks all good and quite in Whonix 22.214.171.124.1.
May 14 2020
Apr 23 2020
Setting quiet loglevel=0 in that exact order as per https://github.com/Whonix/security-misc/commit/6485df8126b52a2072824fa442e8d1dd5cb18981 does now hide [sda] Incomplete mode parameter data. However, messages by LKRG are not yet hidden.
Apr 16 2020
Even kernel parameter quiet loglevel=3 rd.systemd.show_status=auto rd.udev.log_priority=3
does not hide [sda] Incomplete mode parameter data.
kernel.printk = 3 3 3 3
And of course these messages are attributed to whatever Whonix issue someone is having.
Mar 22 2020
Not fully fixed.
Mar 21 2020
This issue is fixed now due to the quiet boot parameter. kernel.printk=3 3 3 3 isn't needed anymore.
Jan 15 2020
Jan 1 2020
Dec 25 2019
Dec 24 2019
This just prevents writing to /dev/kmsg. It doesn't stop kernel logs being displayed during boot.
Still wondering if initramfs modification this can be avoided... Still wondering if kernel.printk can be set through a kernel parameter. Looking again at https://github.com/torvalds/linux/blob/master/Documentation/admin-guide/kernel-parameters.txt...
We can use a sysctl.d drop-in and an initramfs hook in security-misc so non-initramfs users will still be mostly protected.
I guess because a sysctl.d drop-in config file is easy and catches most.
initramfs hook covers only initramfs users. Not dracut. But
security-misc initramfs hook sounds good enough. dracut support can
come later, if ever. Please implement.
Why not use an initramfs hook in security-misc? Not everyone will have security-misc and apparmor-profile-everything installed. Users with just security-misc installed will still have some kernel logs shown during early boot.
Yes. Probably both. initramfs for apparmor-profile-everything users and
Dec 23 2019
Should this be set in the initramfs?