Re: Enabling hardlink restrictions to the Linux VFS in 3.6 by default

[Linus Torvalds]

On Thu, Oct 25, 2012 at 5:13 AM, Holger Kiehl <Holger.Kiehl@xxxxxx> wrote:
>
> as of linux 3.6 hardlink restrictions to the Linux VFS have been enabled
> by default. This breaks the application AFD [1] of which I am the author.

Ok, we had a previous report of breakage, but that was just local
scripting. Since that was just a single user (Nick Bowler), and he was
ok with just fixing his setup, I let it go, waiting to see if anybody
else reacted.

There may well have been other users that had odd breakage, but didn't
realize what the cause was.

Regardless, clearly this does break things, and as such needs to be
undone. We do not cause regressions that people notice in the kernel.

So I've defaulted these things to off, and marked it for stable. See
commit 561ec64ae67e ("VFS: don't do protected {sym,hard}links by
default"). Either distributions can enable it with some security
setting (along with the other security things they do, like the whole
selinux thing), or we might at some future date make some config
option for "boot up in hard-*ss mode that may break things", but for
now we clearly cannot enable it by default.

I've added people from the original commit and the previous discussion
to the cc, and marked the commit for stable too.

  Thanks,
              Linus
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/