From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id F3FF1138330 for ; Wed, 10 Jan 2018 18:18:04 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 7682FE09A5; Wed, 10 Jan 2018 18:18:00 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 2BB48E0997 for ; Wed, 10 Jan 2018 18:18:00 +0000 (UTC) Received: from [10.100.0.22] (host-37-191-226-104.lynet.no [37.191.226.104]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: k_f) by smtp.gentoo.org (Postfix) with ESMTPSA id EB5ED335C43; Wed, 10 Jan 2018 18:17:58 +0000 (UTC) Subject: Re: [gentoo-dev] rfc: ideas for fixing OpenRC checkpath issue To: gentoo-dev@lists.gentoo.org, Michael Orlitzky References: <20180110000741.GA3995@whubbs1.gaikai.biz> <14e5af26-fdb7-802c-e6d2-7a69c5115e0d@gentoo.org> From: Kristian Fiskerstrand Message-ID: Date: Wed, 10 Jan 2018 19:17:12 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.5.0 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 In-Reply-To: <14e5af26-fdb7-802c-e6d2-7a69c5115e0d@gentoo.org> Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Z3iRDY8wr6RG2obSt6kK6fllNpSLRU2MC" X-Archives-Salt: 15790875-ee06-4d9d-92da-e3e41c4bc6d0 X-Archives-Hash: cf6d0c473265c65cabfb411da47f3038 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Z3iRDY8wr6RG2obSt6kK6fllNpSLRU2MC Content-Type: multipart/mixed; boundary="H3BtWTvYwMigNDE8jO0NNGqPRR4HbESOo"; protected-headers="v1" From: Kristian Fiskerstrand Reply-To: k_f@gentoo.org To: gentoo-dev@lists.gentoo.org, Michael Orlitzky Message-ID: Subject: Re: [gentoo-dev] rfc: ideas for fixing OpenRC checkpath issue References: <20180110000741.GA3995@whubbs1.gaikai.biz> <14e5af26-fdb7-802c-e6d2-7a69c5115e0d@gentoo.org> In-Reply-To: <14e5af26-fdb7-802c-e6d2-7a69c5115e0d@gentoo.org> --H3BtWTvYwMigNDE8jO0NNGqPRR4HbESOo Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: quoted-printable On 01/10/2018 02:19 AM, Michael Orlitzky wrote: > On 01/09/2018 07:07 PM, William Hubbs wrote >> >> However, I'm not sure how to deal with the hard link issue in a way th= at >> will not break service scripts. >> >=20 > Systemd mitigates this by enabling the fs.protected_hardlinks sysctl by= > default, but they have the liberty of requiring a relatively new Linux so does gentoo-sources since discussion in https://bugs.gentoo.org/540006#c19 >=20 > (I didn't realize at the time that the OpenRC fix still contained a rac= e > condition.) This was mentioned already in https://bugs.gentoo.org/540006#c15 --=20 Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 --H3BtWTvYwMigNDE8jO0NNGqPRR4HbESOo-- --Z3iRDY8wr6RG2obSt6kK6fllNpSLRU2MC Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEtOrRIMf4mkrqRycHJQt6/tY3nYUFAlpWWKkACgkQJQt6/tY3 nYXJ4gf/esbbAvmp7GgsRjHeK2X9x4hzSEA5I1dI+zbfC2IKXS3yd26vfXgb8zb2 NeTou82d/PCtTxngz7BshlGRJiuKrYp/SdASXXsPhaK4W7Ce/M+do9z1wiLY1MKD I1KHB5yA1NNUo/MYm4+cVEeQJsNzCUW7tvHEjfhVQikOYRNgCuLQ3oSYfMq0j5DN /bbDKWaWH6mPQisaxOa22HeQKRR//V7x/PzPXBRjFt1D+GfGpNxC0GQQOJcqHHng zvYsDpAD/edvpevKmgNAWhymzpxMgK0pFkuAQETTki2y30u2MwXnZgkFb9rAzNrU c8/T9bGzv/B0D6+8rXOAfC70SHU2DQ== =PJ5F -----END PGP SIGNATURE----- --Z3iRDY8wr6RG2obSt6kK6fllNpSLRU2MC--