Prevent LXC containers from using dmesg


Step 1: Create the directory that will hold the seccomp configuration file used to prevent 'dmesg' from working:

mkdir /etc/pve/lxc/seccomp

Step 2: Open the seccomp profile file in an editor:

nano -w /etc/pve/lxc/seccomp/disabledmesg

Step 3: Add the following content to the file:

2
blacklist
[all]
syslog errno 1

Step 4: Save the file and exit the editor (Ctrl+X -> Y -> Enter)

Step 5: Open the configuration file of the container in which you want to prevent the 'dmesg' command from working:

nano -w /etc/pve/lxc/<CTID>.conf

Step 6: Add the following lines to it:

lxc.cap.drop: sys_rawio
lxc.seccomp: /etc/pve/lxc/seccomp/disabledmesg

Step 7: Restart the container via the web GUI or manually

That's it! The profile makes the syslog system call fail with errno 1 (EPERM), so when you execute 'dmesg' in the container, you should see this:

klogctl: Operation not permitted
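
To confirm which containers on a host actually carry this configuration, the check below audits every <CTID>.conf under /etc/pve/lxc. It is an added example, not part of the original article: the function names are hypothetical, and accepting lxc.seccomp.profile as an alternative spelling of the key is an assumption about newer LXC releases.

```shell
#!/bin/sh
# Added example (not from the original article). Function names are hypothetical.

# Print every value of KEY from the main section of a container config.
# Snapshot sections ("[name]") further down the file are ignored, because
# only the main section applies to the running container.
main_value() {  # usage: main_value FILE KEY
    awk -v key="$2" '
        /^\[/ { exit }
        {
            n = index($0, ":")
            if (n == 0) next
            k = substr($0, 1, n - 1); v = substr($0, n + 1)
            gsub(/[ \t]/, "", k)
            sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
            if (k == key) print v
        }' "$1"
}

# Print "ok" and return 0 if FILE carries both settings from Step 6 and the
# referenced profile denies syslog as in Step 3; otherwise print the reason.
check_container() {  # usage: check_container FILE
    caps=$(main_value "$1" lxc.cap.drop | tr '\n' ' ')
    # lxc.seccomp.profile: newer LXC name for the same key (assumption, not on the page)
    profile=$( { main_value "$1" lxc.seccomp
                 main_value "$1" lxc.seccomp.profile; } | tail -n 1 )
    case " $caps " in
        *" sys_rawio "*) ;;
        *) echo "sys_rawio not dropped"; return 1 ;;
    esac
    [ -n "$profile" ] || { echo "no seccomp profile set"; return 1; }
    [ -r "$profile" ] || { echo "profile not readable: $profile"; return 1; }
    grep -Eq '^[[:space:]]*syslog[[:space:]]+errno[[:space:]]+1[[:space:]]*$' \
        "$profile" || { echo "profile does not deny syslog"; return 1; }
    echo "ok"
}

# Report every <CTID>.conf under DIR; return 1 if any container fails.
audit_dmesg_lockdown() {  # usage: audit_dmesg_lockdown [DIR]
    dir=${1:-/etc/pve/lxc}; failed=0
    for c in "$dir"/*.conf; do
        [ -f "$c" ] || continue
        if status=$(check_container "$c"); then
            echo "CT $(basename "$c" .conf): ok"
        else
            echo "CT $(basename "$c" .conf): FAIL ($status)"; failed=1
        fi
    done
    return "$failed"
}
```

On the Proxmox host, source the file and run audit_dmesg_lockdown; the exit status is non-zero if any container is missing the lockdown.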

