On Thu, 2020-11-26 at 17:45 -0500, Michael Orlitzky wrote:
> On 11/26/20 5:37 PM, Peter Stuge wrote:
> > Georgy Yakovlev wrote:
> > > I'll be switching default tmpfiles provider to sys-apps/systemd-tmpfiles
> > > by the end of the week by updating virtual/tmpfiles ebuild.
> > 
> > Michael Orlitzky wrote:
> > > Corollary: the tmpfiles.d specification can only be implemented (safely)
> > > on Linux after all.
> > 
> > So should virtual/tmpfiles differentiate based on system?
> > 
> 
> There's no scenario where opentmpfiles is preferable.
> 
> systemd-tmpfiles with the fs.protected_hardlinks=1 sysctl is secure on
> Linux. On other kernels, you're out of luck -- none of the options are
> secure. Securing the service manager on other kernels would require
> dropping tmpfiles entirely, and major changes to OpenRC.
> 

...which is mostly a theoretical exercise, because we only support Linux
anyways.
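As an added example (not code from this thread, from systemd or from opentmpfiles), a small Python triage script for the point Michael makes: it checks the fs.protected_hardlinks value and lists the tmpfiles.d entries that set mode or ownership below a world-writable directory, which are exactly the entries that sysctl is protecting. The directory list, the set of entry types treated as ownership-changing, and the sample configuration are assumptions made here.

```python
"""Triage for a box switching tmpfiles provider (added example)."""
import shlex

# Assumed: directories any local user can write to. A hardlink planted
# under one of these is how a chown/chmod done by tmpfiles gets redirected
# when fs.protected_hardlinks is 0.
WORLD_WRITABLE = ("/tmp", "/var/tmp", "/dev/shm")
# Assumed: tmpfiles.d types that chown/chmod an existing path.
CHANGING_TYPES = {"z", "Z", "d", "D", "f", "F", "t", "T", "a", "A"}


def sysctl_enabled(proc_contents: str) -> bool:
    """True when the text of /proc/sys/fs/protected_hardlinks reads 1."""
    return proc_contents.strip() == "1"


def parse_tmpfiles(text):
    """Yield (type, path, mode, user, group) from tmpfiles.d lines."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)          # paths may be quoted
        fields += ["-"] * (7 - len(fields)) # missing columns mean "-"
        # The type letter comes first; "!", "-", "=", "~", "^" are modifiers.
        yield fields[0][0], fields[1], fields[2], fields[3], fields[4]


def risky_entries(text, protected_hardlinks):
    """Paths whose mode/owner change could be redirected via a hardlink.

    Returns [] when the sysctl is on, since unprivileged users then cannot
    link to files they do not own."""
    if protected_hardlinks:
        return []
    out = []
    for typ, path, mode, user, group in parse_tmpfiles(text):
        if typ not in CHANGING_TYPES:
            continue
        below_ww = any(path.startswith(d + "/") for d in WORLD_WRITABLE)
        if below_ww and (mode, user, group) != ("-", "-", "-"):
            out.append(path)
    return out


if __name__ == "__main__":
    # Constructed sample config; real systems read /usr/lib/tmpfiles.d/*.conf
    SAMPLE = "d /tmp/.app-sockets 1777 root root -\nd /run/app 0755 root root\n"
    with open("/proc/sys/fs/protected_hardlinks") as f:
        on = sysctl_enabled(f.read())
    print("protected_hardlinks:", on, "risky:", risky_entries(SAMPLE, on))
```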

