On Tue, Jul 16, 2013 at 10:42:10AM +0200, Florian Weimer wrote: > On 07/15/2013 07:32 PM, Richard W.M. Jones wrote: > > >Why? > > Without it, it's possible to exploit certain weaknesses to make > /etc/shadow word-readable or worse, for example. > > Hard links are fundamentally incompatible with the way we run > SELinux, and this change mitigates that issue to some extent. Any more information on this. FWIW this change caused a segfault in OpenStack (now fixed, but there's a larger problem remaining - RHBZ#983218). Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming blog: http://rwmj.wordpress.com Fedora now supports 80 OCaml packages (the OPEN alternative to F#) -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
