Stephen Morris wrote:
Just a query first off, why do I need to run dmesg under sudo for it to produce its output?
In Fedora 39 (or there about), the CONFIG_SECURITY_DMESG_RESTRICT kernel config was changed. The commit in the Fedora kernel source tree provides some useful details¹:
Turn on SECURITY_DMESG_RESTRICT
It was requested by ProdSec that we enable SECURITY_DMESG_RESTRICT as this makes several security bugs more difficult to exploit. It should be noted that this just controls the default setting of kernel.dmesg_restrict sysctl and thus can be always set back to 0 at runtime. Users in the wheel group also have access to journalctl -k or sudo for dmesg access without giving it to every user on the system.
¹ https://gitlab.com/cki-project/kernel-ark/-/commit/ed5ba266c6