Comment 4 for bug 1886112

I was thinking about this over the weekend, and I think we overlooked the impact of setting CONFIG_SECURITY_DMESG_RESTRICT in the kernel config has on downstream users of Groovy's kernel, namely when it becomes Focal's HWE kernel.

Focal won't be receiving any patches for /usr/bin/dmesg, so I think it is better to not set CONFIG_SECURITY_DMESG_RESTRICT in kernel config, but to instead set kernel.dmesg_restrict systctl to 1 in /etc/sysctl.d/10-kernel-hardening.conf. This would ensure it only changes Groovy onward, and doesn't cause any regressions for Focal HWE users.

I have emailed Seth Forshee asking to revert the config change.