Clear Linux Moving Ahead With Blocking dmesg Access For Non-Root Users

Written by Michael Larabel in Clear Linux on 1 June 2019 at 06:31 PM EDT. 49 Comments
Most Linux distributions allow unfettered access to dmesg for seeing the kernel log outputs, but seeing as kernel addresses can be dumped to this output and could be exploited by bad actors, Clear Linux is joining the select few Linux distributions so far blocking non-root users from seeing this output mostly used for debugging purposes.

Back in April I wrote about their plans for blocking dmesg access via the Linux kernel's CONFIG_SECURITY_DMESG_RESTRICT Kconfig build time switch. After evaluating the plan, they indeed are going ahead with it where only root/sudo users will be able to see the dmesg output. This also impacts container users as well as there even if you are the root user in a container you will now no longer be able to see the kernel logs of the host.

We'll see if other Linux distributions jump on board with restricting dmesg access to help kernel memory addresses from potentially being exposed.

More details on Clear Linux's enabling of SECURITY_DMESG_RESTRICT can be found via this mailing list post.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week