Craig Small <csm...@debian.org> schrieb: > --0000000000004806c5059d3edeb1 > Content-Type: text/plain; charset="UTF-8" > > Hi, > About 2 years ago the procps package added protection for hard and soft > symlinks. The bug report was 889098 and has seemed to work fine. > > There is also now bug #914859 which would extend this same protection for > other files, as mentioned in [1]
I'm in favour of setting both to 1. From a quick search Ubuntu carried a patch in their systemd package to set this as well (LP 1845637). protected hardlinks/symlinks are enabled via a Debian-specific kernel patch by default, so I'd say that src:linux should be patched as well, this changes the default at the deepest level and the /etc/sysctl.conf kicks in for anyone running custom built kernels. Cheers, Moritz