Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?
Lennart Poettering
mzerqung at 0pointer.de
Fri Mar 15 00:22:14 UTC 2013
On Thu, 14.03.13 18:32, Josh Boyer (jwboyer at gmail.com) wrote:
> > Everything about these restrictions is described in detail in the commit:
> > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7
> >
> > I'm happy to answer any questions.
>
> Something like this patch to systemd should work, no?
Hmm, I'd very much prefer if the defaults are built into the kernel, and
that sysctl in userspace is then used only by the admin to override these
defaults, so that by default we ship with empty sysctl.d/ dirs.
So, before I merge anything like this into systemd, why can't the kernel
default setting simply be flipped?
> +fs.protected_hardlinks=1
> +fs.protected_symlinks=1
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the devel
mailing list