Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?
Daniel J Walsh
dwalsh at redhat.com
Thu Mar 14 13:08:48 UTC 2013
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/14/2013 04:09 AM, yersinia wrote:
> On Wed, Mar 13, 2013 at 7:52 PM, Daniel J Walsh <dwalsh at redhat.com
> <mailto:dwalsh at redhat.com>> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
>
> sysctl -a | grep protected fs.protected_hardlinks = 0 fs.protected_symlinks
> = 0
>
> Here some more info for this apparent regression
> http://kernel.opensuse.org/cgit/kernel/commit/?id=561ec64ae67ef25cac8d72bb9c4bfc955edfd415
>
> Best
>
>
>
>
Well I believe Ubunto has been using this feature for years and maybe we
should consider turning it on via systemd or a unit file. The breakage of AFD
is not a legitimate reason for Fedora to turn it off.
Kees, could you explain how these restrictions would help secure Fedora and
any potential side effects.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlFBy+AACgkQrlYvE4MpobO0CQCdHilzfd1TjE1RAllQ1YsmXj43
jwIAn1KH7+Tbm+a9TBQdX5CN5vagjh8t
=it6d
-----END PGP SIGNATURE-----
More information about the devel
mailing list