commit: 14c91b2c9dc77d6fc81746b999b92187bd9cac82
Author: William Hubbs <williamh <AT> gentoo <DOT> org>
AuthorDate: Mon Feb 10 01:47:40 2020 +0000
Commit: William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Mon Feb 10 04:12:03 2020 +0000
URL: https://gitweb.gentoo.org/proj/baselayout.git/commit/?id=14c91b2c
enable protected_symlinks and protected_hardlinks by default Bug: https://bugs.gentoo.org/704914 Signed-off-by: William Hubbs <williamh <AT> gentoo.org> etc.Linux/sysctl.d/00protected-links.conf | 2 ++ etc.Linux/sysctl.d/README | 15 +++++++++++++++ 2 files changed, 17 insertions(+) diff --git a/etc.Linux/sysctl.d/00protected-links.conf b/etc.Linux/sysctl.d/00protected-links.conf new file mode 100644 index 00000000..5e4d7c6f --- /dev/null +++ b/etc.Linux/sysctl.d/00protected-links.conf @@ -0,0 +1,2 @@ +fs.protected_symlinks = 1 +fs.protected_hardlinks = 1 diff --git a/etc.Linux/sysctl.d/README b/etc.Linux/sysctl.d/README new file mode 100644 index 00000000..dc609ac9 --- /dev/null +++ b/etc.Linux/sysctl.d/README @@ -0,0 +1,15 @@ +For more information on how kernel parameter configuration works, please see +the manpages sysctl(8) and sysctl.conf(5). + +In order for this to work properly, you must first +enable 'Sysctl support' in the kernel. + +Look in /proc/sys/ for all the things you can setup. +sysctl processes files that end in *.conf in directories in the +following order before processing /etc/sysctl.conf. + +- /run/sysctl.d +- /etc/sysctl.d +- /usr/local/lib/sysctl.d +- /usr/lib/sysctl.d +- /lib/sysctl.d
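Review bot: 00protected-links.conf carries the two settings with no comment, so an administrator reading the sysctl.d directory has nothing that says what fs.protected_symlinks and fs.protected_hardlinks restrict or why they are enabled by default. Add a short comment header above the two lines that states the purpose and points to https://bugs.gentoo.org/704914, so the file documents itself when the commit message is not at hand.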
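Review bot: in the README hunk, the sentence "sysctl processes files that end in *.conf in directories in the following order before processing /etc/sysctl.conf" does not say which value wins when the same key, or the same file name, appears in more than one of the listed directories or again in /etc/sysctl.conf. Since this commit ships defaults in 00protected-links.conf, spell out the override rule so a reader knows where a local change belongs and can tell whether the shipped defaults are still in effect. Minor wording: "files that end in *.conf" can be "files that end in .conf", and "setup" used as a verb should be "set up".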