Add a sysctl setting to make dmesg unrestricted by default
This commit also adds an autopkgtest, unfortunately the test requires a
VM. If we install kali-defaults in a chroot or container, the sysctl
settings are simply not applied (as it requires interacting with the
kernel, and that's not allowed), and therefore we can't reliably test
whether dmesg is restricted or not.
Fixes: #12
Arnaud Rebillout
1 year, 4 months ago
| 9 | 9 |
|
| 10 | 10 |
The package also diverts some files when the configuration system
|
| 11 | 11 |
does not offer something better.
|
|
12 |
|
|
13 |
sysctl settings
|
|
14 |
---------------
|
|
15 |
|
|
16 |
When adding or removing a setting, make sure that the name
|
|
17 |
starts with '50-kali-defaults-', since the postinst script
|
|
18 |
relies on this convention to reload the settings.
|
| 25 | 25 |
pulseaudio/kali_pulseaudio.conf usr/lib/systemd/user/pulseaudio.service.d/
|
| 26 | 26 |
pulseaudio/kali_pulseaudio.socket.conf usr/lib/systemd/user/pulseaudio.socket.d/
|
| 27 | 27 |
samba/smb.conf usr/share/samba/
|
|
28 |
sysctl/* usr/lib/sysctl.d/
|
| 28 | 29 |
systemd/* lib/systemd/
|
| 29 | 30 |
usr/* usr/
|
| 187 | 187 |
# /etc/systemd/network/* changes
|
| 188 | 188 |
dpkg-trigger --no-await update-initramfs
|
| 189 | 189 |
fi
|
|
190 |
|
|
191 |
# Apply kernel sysctl settings
|
|
192 |
if [ -x /lib/systemd/systemd-sysctl ]; then
|
|
193 |
for file in /usr/lib/sysctl.d/50-kali-defaults-*.conf; do
|
|
194 |
/lib/systemd/systemd-sysctl $(basename $file) || true
|
|
195 |
done
|
|
196 |
fi
|
| 190 | 197 |
fi
|
| 191 | 198 |
|
| 192 | 199 |
# dh_installdeb will replace this with shell code automatically
|
|
0 |
# non-privileged users should be able to run dmesg
|
|
1 |
Test-Command: dmesg >/dev/null
|
|
2 |
Restrictions: isolation-machine
|
|
0 |
# This file is part of kali-defaults.
|
|
1 |
#
|
|
2 |
# If the setting(s) in this file are not desirable, do NOT
|
|
3 |
# modify this file. Instead, start 'kali-tweaks' in a
|
|
4 |
# terminal and change the setting from there.
|
|
5 |
|
|
6 |
# Allow unprivileged users to run dmesg.
|
|
7 |
kernel.dmesg_restrict = 0
|