Hi, I received an update from Leo Famulari: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=47229#25
When using a guix-daemon that does not include the fix [0] for the bug reported here, it is still possible for rogue build scripts to escape the build environment, even when protected hardlinks are enabled. Protected hardlinks do make exploitation significantly more difficult, but not impossible. So it is important for us to apply the fix.

Diane