Add ambientcapability to service for dmesg

[schneewe]

This change allows Splunk to read kernel log and use dmesg even with dmesg_restrict active. Therefore no need to activate for all non-root users

[dtwersky]

@schneewe There is a configurable var to enable dmesg permissions using sysctl (default disabled), which will be needed if someone is using init.d.

Some people may not want to enable this feature for security purposes.

[schneewe]

Yeah that's the reason for this change, because so only Splunk service is allowed to read it, without setting it globally. So no ned to set your var to true.

[jewnix]

What I meant is that some users may not want splunk to have access as well.

…

On Thu, Jan 16, 2025, 11:33 AM schneewe ***@***.***> wrote: Yeah that's the reason for this change, because so only Splunk service is allowed to read it, without setting it globally. So no ned to set your var to true. — Reply to this email directly, view it on GitHub <#219 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AB556G63F62QHYZ52ZY3EE32K7NMXAVCNFSM6AAAAABVKASILWVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDKOJWGE4DMOBWHE> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>