Hi, > I think it would be nice if these options were added to the default > sysctl.conf. > And it would probably make sense to also enable them per default, > possibly even with the more restricive mode "2".
$ uname -a 4.19.3-vanilla #1 SMP Wed Nov 21 21:37:13 CET 2018 x86_64 GNU/Linux $ cat /etc/sysctl.d/10-fs.conf fs.protected_fifos = 2 fs.protected_hardlinks = 1 fs.protected_regular = 2 fs.protected_symlinks = 1 fs.suid_dumpable = 0 I have not experienced any difficulties so far. -- mlnl
