From: "William Hubbs" To: gentoo-commits@lists.gentoo.org Content-Transfer-Encoding: 8bit Content-type: text/plain; charset=UTF-8 Reply-To: gentoo-dev@lists.gentoo.org, "William Hubbs" Message-ID: <1581307923.14c91b2c9dc77d6fc81746b999b92187bd9cac82.williamh@gentoo> Subject: [gentoo-commits] proj/baselayout:master commit in: etc.Linux/sysctl.d/ X-VCS-Repository: proj/baselayout X-VCS-Files: etc.Linux/sysctl.d/00protected-links.conf etc.Linux/sysctl.d/README X-VCS-Directories: etc.Linux/sysctl.d/ X-VCS-Committer: williamh X-VCS-Committer-Name: William Hubbs X-VCS-Revision: 14c91b2c9dc77d6fc81746b999b92187bd9cac82 X-VCS-Branch: master Date: Mon, 10 Feb 2020 04:21:17 +0000 (UTC) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-commits@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply X-Archives-Salt: 984bf977-8d26-465e-9b2e-f2c78683390c X-Archives-Hash: d4cf1abe3f17b48980e64d79424786e8 commit: 14c91b2c9dc77d6fc81746b999b92187bd9cac82 Author: William Hubbs gentoo org> AuthorDate: Mon Feb 10 01:47:40 2020 +0000 Commit: William Hubbs gentoo org> CommitDate: Mon Feb 10 04:12:03 2020 +0000 URL: https://gitweb.gentoo.org/proj/baselayout.git/commit/?id=14c91b2c enable protected_symlinks and protected_hardlinks by default Bug: https://bugs.gentoo.org/704914 Signed-off-by: William Hubbs gentoo.org> etc.Linux/sysctl.d/00protected-links.conf | 2 ++ etc.Linux/sysctl.d/README | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/etc.Linux/sysctl.d/00protected-links.conf b/etc.Linux/sysctl.d/00protected-links.conf new file mode 100644 index 00000000..5e4d7c6f --- /dev/null +++ b/etc.Linux/sysctl.d/00protected-links.conf @@ -0,0 +1,2 @@ +fs.protected_symlinks = 1 +fs.protected_hardlinks = 1 diff --git a/etc.Linux/sysctl.d/README b/etc.Linux/sysctl.d/README new file mode 100644 index 00000000..dc609ac9 --- /dev/null +++ b/etc.Linux/sysctl.d/README 
@@ -0,0 +1,15 @@ +For more information on how kernel parameter configuration works, please see +the manpages sysctl(8) and sysctl.conf(5). + +In order for this to work properly, you must first +enable 'Sysctl support' in the kernel. + +Look in /proc/sys/ for all the things you can setup. +sysctl processes files that end in *.conf in directories in the +following order before processing /etc/sysctl.conf. + +- /run/sysctl.d +- /etc/sysctl.d +- /usr/local/lib/sysctl.d +- /usr/lib/sysctl.d +- /lib/sysctl.d
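Review bot: In etc.Linux/sysctl.d/00protected-links.conf the two settings are added with no comment, so an administrator who opens the file has nothing that says why they are set or where the decision was made. Add a short comment above 'fs.protected_symlinks = 1' that names the bug (https://bugs.gentoo.org/704914) and says in one line what each key restricts. A note on how a local override is expected to be done would also help, since the 00 prefix suggests the file is meant to be processed early.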
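Review bot: In etc.Linux/sysctl.d/README the directory list gives a processing order but not the precedence rule: it does not say whether a value read later replaces one read earlier, or what happens when a file of the same name exists in more than one of the listed directories. State that explicitly, because this commit also ships 00protected-links.conf and the README is where an administrator will look to learn how to override it. Minor wording: 'files that end in *.conf' should read 'files that end in .conf', and 'setup' used as a verb should be 'set up'.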