From: Hanno Böck
Date: Sat, 4 Jan 2020 08:38:59 +0100
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Vanilla sources

On Fri, 3 Jan 2020 15:48:54 +0100
Toralf Förster wrote:

> # Restrict potential illegal access via links
> #
> fs.protected_hardlinks = 1
> fs.protected_symlinks = 1

Given the issues with openrc: Wouldn't it be a good idea to add these
by default to Gentoo's sysctl.conf in baselayout?

As far as I understand this from the thread by now, these are set by
default by Gentoo Sources. So we shouldn't really expect much breakage
if we set them via sysctl.

-- 
Hanno Böck
https://hboeck.de/
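
A way to check the situation discussed in this message, as an added example that is not part of the original post or of Gentoo's baselayout: a POSIX shell audit that reports whether the two quoted settings are enabled in the running kernel and also persisted in a sysctl.conf-style file. The function names and the PROC_ROOT parameter are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): check whether the two link-protection
# sysctls are enabled in the running kernel AND persisted in a sysctl.conf file.

# Print the effective value of key $1 in sysctl.conf-style file $2.
# The last assignment wins; "#" and ";" comment lines are skipped.
conf_value() {
    [ -r "$2" ] || return 0
    awk -v want="$1" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t]/, "", name)
            gsub("/", ".", name)              # sysctl also accepts fs/protected_symlinks
            gsub(/^[ \t]+|[ \t]+$/, "", val)  # tolerate "key = 1 " spacing
            if (name == want) found = val
        }
        END { if (found != "") print found }
    ' "$2"
}

# Usage: audit_link_protection CONF [PROC_ROOT]
# PROC_ROOT defaults to /proc/sys; it is a parameter so fixtures can be used.
# Prints one line per key and returns 1 unless both are "ok".
audit_link_protection() {
    conf=$1
    proc_root=${2:-/proc/sys}
    rc=0
    for key in fs.protected_hardlinks fs.protected_symlinks; do
        live=$(cat "$proc_root/$(printf '%s' "$key" | tr . /)" 2>/dev/null || echo unknown)
        saved=$(conf_value "$key" "$conf")
        if [ "$live" = 1 ] && [ "$saved" = 1 ]; then
            state=ok
        elif [ "$live" = 1 ]; then
            state=not-persisted   # enabled by the running kernel only
        else
            state=disabled
        fi
        echo "$key live=$live conf=${saved:-unset} $state"
        [ "$state" = ok ] || rc=1
    done
    return "$rc"
}

# Run against the live system when a config path is given as an argument.
if [ "$#" -gt 0 ]; then audit_link_protection "$@"; fi
```

A `not-persisted` result means the protection comes only from the running kernel, so it would not carry over to a kernel that leaves the setting off by default.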