After updating the kernel on CentOS 7, you may encounter an error that prevents reading the kernel buffer using the dmesg command. The error message "dmesg: read kernel buffer failed: Operation not permitted" indicates a permissions issue introduced by newer Linux kernel versions as a security measure. In this article, we'll discuss steps to fix this error and restore the functionality of the dmesg command.

Root Cause of the Issue

The mentioned error message results from tightening security policies within the Linux kernel. Specifically, it relates to the kernel parameter kernel.dmesg_restrict, which has been set to 1 (enabled). This setting restricts access to dmesg only to users with root privileges or users in a group granted permission to read dmesg.

Solution

Step 1: Check the Value of dmesg_restrict

Firstly, verify the current value of dmesg_restrict using the following command:

sysctl kernel.dmesg_restrict

If the output is kernel.dmesg_restrict = 1, it confirms that the restriction is active.

Step 2: Temporarily Change the Value of dmesg_restrict

You can temporarily change the value of dmesg_restrict to 0 (disabled) using the following command:

sudo sysctl -w kernel.dmesg_restrict=0

This command will allow all users access to dmesg until the system is restarted.

Step 3: Permanently Change the Value of dmesg_restrict

For a permanent change, open the /etc/sysctl.conf file in a text editor:

sudo nano /etc/sysctl.conf

And add or modify the following line:

kernel.dmesg_restrict = 0

Save the file and apply the changes using:

sudo sysctl -p

Step 4: Alternative Solution Using Permissions

If you prefer to maintain security measures and allow access to dmesg only for specific users, you can add users to the group granted permission to read dmesg. This can be done as follows:

sudo usermod -a -G syslog <username>

Replace <username> with the actual username. The user will need to log out and log back in for the changes to take effect.

 

The "dmesg: read kernel buffer failed: Operation not permitted" error is a security feature introduced to protect sensitive information from unauthorized access. While it's possible to bypass this restriction, it's important to consider potential security risks associated with these changes. Always strive to find a balance between security and convenience when configuring system settings.