You are not logged in.
Seems that we enabled SECURITY_DMESG_RESTRICT with the release of 5.10.4. I tried added a regular user to the adm group (logout/login) but am still getting the dmesg: read kernel buffer failed: Operation not permitted. Response to calling dmesg. What am I missing?
$ id
uid=1001(smack) gid=100(users) groups=100(users),4(adm)
$ dmesg
dmesg: read kernel buffer failed: Operation not permitted
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
I believe user needs the CAP_SYSLOG capability for dmesg with SECURITY_DMESG_RESTRICT. If you want to access dmesg as none root user you can access it through the journal filter for kernel messages for the current boot.
Edit:
You can also set kernel.dmesg_restrict=0 to allow any user to access dmesg as before.
https://www.kernel.org/doc/Documentatio … kernel.txt
Also fixed capability is CAP_SYSLOG not CAP_SYS_ADMIN.
Edit2:
You could limit it to a group with:
chown root:adm /usr/bin/dmesg
chmod 750 /usr/bin/dmesg
setcap cap_syslog=ep /usr/bin/dmesg
Last edited by loqs (2020-12-31 20:53:32)
Offline
@loqs - Thanks for the suggestions. Particularly edit 2. https://bugs.archlinux.org/task/69168
EDIT:
If others are wanting this functionality, a simple pacman hook can do it. Drop the following in /etc/pacman.d/hooks/10-dmesg-fix.hook
[Trigger]
Operation = Upgrade
Type = Package
Target = util-linux
[Action]
Description = Fixing dmesg permissions...
When = PostTransaction
Exec = /bin/sh -c '/usr/bin/chown root:wheel /usr/bin/dmesg ; /usr/bin/chmod 750 /usr/bin/dmesg ; /usr/bin/setcap cap_syslog=ep /usr/bin/dmesg'
Last edited by graysky (2021-06-05 11:32:41)
CPU-optimized Linux-ck packages @ Repo-ck • AUR packages • Zsh and other configs
Offline
As loqs mentioned, using journalctl -k could the simpler approach. Then, as long as you're in the adm, wheel or systemd-journal group, you'll have access to the journal.
Offline
This is fairly close to dmesg format:
journalctl -ko short-monotonic --no-hostname
Last edited by loqs (2021-01-01 14:03:32)
Offline