Is there a reason we do not turn on the file system hardlink/symlink protection in Rawhide?

Josh Boyer jwboyer at gmail.com
Fri Mar 15 00:28:35 UTC 2013


On Thu, Mar 14, 2013 at 8:22 PM, Lennart Poettering
<mzerqung at 0pointer.de> wrote:
> On Thu, 14.03.13 18:32, Josh Boyer (jwboyer at gmail.com) wrote:
>
>> > Everything about these restrictions is described in detail in the commit:
>> > http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=800179c9b8a1e796e441674776d11cd4c05d61d7
>> >
>> > I'm happy to answer any questions.
>>
>> Something like this patch to systemd should work, no?
>
> Hmm, I'd very much prefer if the defaults are built into the kernel, and
> that sysctl in userspace is then used only by the admin to override these
> defaults, so that by default we ship with empty sysctl.d/ dirs.
>
> So, before I merge anything like this into systemd, why can't the kernel
> default setting simply be flipped?

It would be yet another out-of-tree patch to carry along forever in
Fedora.  Or at best we try and upstream the default as a config setting
but I'm not sure Linus would bite on that given his commit message when
he switched the default to disabled.  I'd rather avoid carrying a patch
that has no chance of upstream when it can be done by a unit file or
systemd itself.  That's why they're settable from userspace to begin
with.

josh
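
Added example, not part of the original message and not systemd or Fedora code: a small audit that reports whether the two link protections discussed in this thread are enabled in the running kernel and which sysctl.d files, if any, set them from userspace. It assumes the kernel exposes them as `fs.protected_hardlinks` and `fs.protected_symlinks` and that overrides live in the standard sysctl.d locations; the `root` argument is a hypothetical parameter so the functions can be run against a constructed directory tree.

```shell
#!/bin/sh
# Audit of the link-protection sysctls (added example, not from the thread).
# Each function takes a "root" prefix (hypothetical parameter, for testing);
# pass "" to inspect the live system, e.g.:  report ""

LINK_KEYS="protected_hardlinks protected_symlinks"

# Print the kernel's effective value for one key, or "absent" when the
# running kernel does not expose it.
effective_value() {
    root=$1; key=$2
    f="$root/proc/sys/fs/$key"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# Print "file: line" for every sysctl.d / sysctl.conf entry that sets the key.
overrides() {
    root=$1; key=$2
    for f in "$root"/usr/lib/sysctl.d/*.conf "$root"/run/sysctl.d/*.conf \
             "$root"/etc/sysctl.d/*.conf "$root"/etc/sysctl.conf; do
        [ -f "$f" ] || continue          # unmatched glob or missing file
        rel=${f#"$root"}
        # Accept both fs.key and fs/key spellings; commented lines do not match.
        { grep -E "^[[:space:]]*fs[./]$key[[:space:]]*=" "$f" || true; } |
            sed "s|^|$rel: |"
    done
}

# Return 0 only when both protections are enabled (value 1).
link_protection_enabled() {
    root=${1:-}
    for key in $LINK_KEYS; do
        [ "$(effective_value "$root" "$key")" = "1" ] || return 1
    done
    return 0
}

# Human-readable summary: effective value plus where userspace sets it.
report() {
    root=${1:-}
    for key in $LINK_KEYS; do
        echo "fs.$key = $(effective_value "$root" "$key")"
        overrides "$root" "$key" | sed 's/^/  set by /'
    done
}
```

An empty "set by" list together with a value of 1 means the default comes from the kernel itself; a value of 1 with a listed file means userspace is supplying it.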

