On Sat, 2020-01-04 at 08:38 +0100, Hanno Böck wrote: > On Fri, 3 Jan 2020 15:48:54 +0100 > Toralf Förster wrote: > > > # Restrict potential illegal access via links > > # > > fs.protected_hardlinks = 1 > > fs.protected_symlinks = 1 > > Given the issues with openrc: > Wouldn't it be a good idea to add these by default to Gentoo's > sysctl.conf in baselayout? Yes, we should. This really sounds like some horror where developers are hacking things around in sources instead of communicating with people maintaining the component where a proper fix belongs. > > As far as I understand this from the thread by now, these are set by > default by Gentoo Sources. So we shouldn't really expect much breakage > if we set them via sysctl. > > -- Best regards, Michał Górny