From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-89909-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by finch.gentoo.org (Postfix) with ESMTPS id 15D1C138334
	for <garchives@archives.gentoo.org>; Sat,  4 Jan 2020 07:39:10 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id 22503E08E0;
	Sat,  4 Jan 2020 07:39:06 +0000 (UTC)
Received: from smtp.gentoo.org (mail.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id 91612E08D9
	for <gentoo-dev@lists.gentoo.org>; Sat,  4 Jan 2020 07:39:05 +0000 (UTC)
Received: from computer (unknown [IPv6:2a02:8109:8380:7e7e:b886:8d52:6199:3925])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: hanno)
	by smtp.gentoo.org (Postfix) with ESMTPSA id 013E234DEBE
	for <gentoo-dev@lists.gentoo.org>; Sat,  4 Jan 2020 07:39:03 +0000 (UTC)
Date: Sat, 4 Jan 2020 08:38:59 +0100
From: Hanno =?UTF-8?B?QsO2Y2s=?= <hanno@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Vanilla sources
Message-ID: <20200104083859.6e82fd4d@computer>
In-Reply-To: <c2dbdb38-4a3b-2e35-4a95-2fad4efacdfa@gentoo.org>
References: <b9703a2c7501291e687413d99ddd07131394dbec.camel@gentoo.org>
	<3197490.ugo6OjCCXa@daneel.sf-tec.de>
	<1794534.0xJHuh4lKC@crazyhorse>
	<19015309.XG3PSQ8cOu@daneel.sf-tec.de>
	<5537134e-0412-862d-e105-94c678229b46@gentoo.org>
	<2dd351b3-0f71-4960-ffde-2f5a99ab161d@gentoo.org>
	<9b48db99-19dc-617b-c0d4-ffa0216b43be@gentoo.org>
	<CAGfcS_=Ci76CcFSsSvFF8sLZse=dPQymqPZzSH0MEymeaSKksQ@mail.gmail.com>
	<c2dbdb38-4a3b-2e35-4a95-2fad4efacdfa@gentoo.org>
X-Mailer: Claws Mail 3.17.4 (GTK+ 2.24.32; x86_64-pc-linux-gnu)
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="Sig_/wzgnhTSWd5e.u8KxKVr1M6o";
 protocol="application/pgp-signature"; micalg=pgp-sha256
X-Archives-Salt: 8c86e49f-d97b-4d93-a077-5ea32f6c750a
X-Archives-Hash: 887e6ba170359a1db18e971b4a5277dc

--Sig_/wzgnhTSWd5e.u8KxKVr1M6o
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On Fri, 3 Jan 2020 15:48:54 +0100
Toralf F=C3=B6rster <toralf@gentoo.org> wrote:

> #       Restrict potential illegal access via links
> #=20
> fs.protected_hardlinks =3D 1
> fs.protected_symlinks =3D 1=20

Given the issues with openrc:
Wouldn't it be a good idea to add these by default to Gentoo's
sysctl.conf in baselayout?

As far as I understand this from the thread by now, these are set by
default by Gentoo Sources. So we shouldn't really expect much breakage
if we set them via sysctl.


--=20
Hanno B=C3=B6ck
https://hboeck.de/

--Sig_/wzgnhTSWd5e.u8KxKVr1M6o
Content-Type: application/pgp-signature
Content-Description: OpenPGP digital signature

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEn3wfQCCb9MicJwD8dkhfABMwL8oFAl4QQRMACgkQdkhfABMw
L8q0Bg//QaGemhbn5WfHHULOsafYAxvhtL4kmeMCj9CFQX7Lg6ADjxXMXMZQQdWo
gw5MbIog8CeDivGtfIco1yGJsa2gk1tGz2U6LpmOvFVBzdRkbQedeEFzMtqZ5IT5
Q9e25YoLpUcfImSCcROkdHvIEfju14DQHiRv85An96Gl7V5woRCqRnJJaj/fXJ/J
u8AyRKJXl93nqA6T3oVzQiiSlD7MP5bvEWf2Lj8Wr8uGF+f5fZdzikDfyDEhgCAF
4jzuOgLq7SeddYLGC7E4C4g5v70qs/V5UIBrz2ijRfTOU9B35WfSRB93aSOhr1pp
Yw3obm8k0esfHNyOvoPYtgX6ZHzP0M7zK+rt9REmwdiP9oV8f0SrGS7ZZzTO0XuC
PuQSOMA2t2Jpl5dyjDgI6qTqGIGVhDrdH2FAonwk9PILdNJgTFdZJJYq8+gzZXp3
5D5wbkUVz0az6/FbbziVzJVfDMLDMPz3vDKo0HfeO23SoB1fiCsrLlxpQ/zUUqav
UUi2BPShLIpVEB1GR8G6Ra5ggiktJttqv49En6aofSvuk8g1yue5D2/YapV2lrsU
9bs3JhcKrK3leeD9+CDu8BJd0bY8Thkxj7gmWZ7t1PkVbYpnWZ05OkWZp4SI+62g
vRSm2waX3mr5TvlE9WoZDtay9l3ikGmnLVyD+6tHU+nhBjvyrO0=
=JDFf
-----END PGP SIGNATURE-----

--Sig_/wzgnhTSWd5e.u8KxKVr1M6o--