LXC: restricting container view of dmesg
If you don’t want your LXC containers to be able to read dmesg output, which includes the host’s data, here is a quick tip.
Just enable this on the host:
echo 1 > /proc/sys/kernel/dmesg_restrict
Or, to make the value permanent across reboots, add this to /etc/sysctl.conf (don’t forget to run “sysctl -p” to parse /etc/sysctl.conf and apply the values):
The setting will affect all non-root users on the host system, and all users in lxc containers, including root.
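To check that the runtime value and the persisted one agree, the following audit script is added here as an example (it is not part of the original post). The optional root-prefix argument and the `--live` flag are assumptions of this example, and the sysctl key `kernel.dmesg_restrict` is the name of /proc/sys/kernel/dmesg_restrict.

```shell
#!/bin/sh
# Added example: audit kernel.dmesg_restrict on an LXC host.
# kernel.dmesg_restrict is the sysctl name of /proc/sys/kernel/dmesg_restrict.
# The optional root-prefix argument and "--live" flag are assumptions of this
# example; the prefix lets it run against a mounted image or a test tree.

# Print the runtime value, or "unknown" if the proc file is unreadable.
runtime_value() {
    f="${1:-}/proc/sys/kernel/dmesg_restrict"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo unknown; fi
}

# Print the persisted value, or "unset". /etc/sysctl.conf is read last,
# matching the order "sysctl --system" uses, so it wins over sysctl.d.
persisted_value() {
    root="${1:-}"
    val=unset
    for f in "$root"/etc/sysctl.d/*.conf "$root/etc/sysctl.conf"; do
        [ -r "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*kernel[./]dmesg_restrict[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then val=$v; fi
    done
    echo "$val"
}

# Compare both values; exit status 0 only when restricted now and after reboot.
audit_dmesg_restrict() {
    rt=$(runtime_value "${1:-}")
    ps=$(persisted_value "${1:-}")
    if [ "$rt" = 1 ] && [ "$ps" = 1 ]; then
        status=OK rc=0
    elif [ "$rt" = 1 ]; then
        status=NOT-PERSISTENT rc=1   # echo 1 was run, config line is missing
    elif [ "$ps" = 1 ]; then
        status=NOT-APPLIED rc=1      # config line present, sysctl -p not run
    else
        status=UNRESTRICTED rc=2     # value is not 1 in either place
    fi
    echo "$status runtime=$rt persisted=$ps"
    return "$rc"
}

# Audit the live host only when invoked with --live (flag of this example).
if [ "${1:-}" = "--live" ]; then audit_dmesg_restrict ""; fi
```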
See what happens in your LXC container:
root@lxc:~# dmesg
dmesg: klogctl failed: Operation not permitted
If this is a new deployment, note that it might be better to simply use LXD instead, which enables this by default.