Bug#1002064: default kernel setting protected_regular=2 breaks file system access and is hard to fix

Daniel Feuchtinger daniel.feuchtinger at lrz.de
Tue Dec 21 10:49:05 GMT 2021


Package: procps
Version: 2:3.3.17-5
Package: systemd
Version: 247.3-6

Debian 11 introduces a new feature that prevents users from writing to files that they don't own, ignoring the file permissions
(see https://github.com/torvalds/linux/commit/30aba6656f ).

1. I think that should not be the default behaviour but opt-in.
2. If you fix it (write "fs.protected_regular=0" to /etc/sysctl.conf), that fix should work.

The package procps contains the file /usr/lib/sysctl.d/protect-links.conf with the line
"fs.protected_regular = 2" that is loaded after /etc/sysctl.conf and breaks the fix.

If I remove / alter the file in /usr/lib/sysctl.d, it may be overwritten with the next update.

I don't know who's to blame, systemd not loading the files in a sensible order or
procps for putting the file in the wrong place? I suspect it's systemd, /etc/* should
override /usr/* ?

A side note: I found no mention of this in the release notes or anywhere else on
a Debian site. For a change that severe, some documentation would have been helpful.

Suggestion: put a commented line in /etc/sysctl.conf
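
Which file ends up setting a key can be checked mechanically. This is an added example, not part of the original message or of procps/systemd: a shell function that applies the ordering rules documented in sysctl.d(5) to a list of directories and reports the assignment that is applied last. The sample tree is constructed, and the name `99-sysctl.conf` for the administrator's file is an assumption.

```shell
#!/bin/sh
# effective_sysctl KEY DIR...   (DIRs listed highest priority first)
# Prints "<value> <file>" for the assignment applied last under sysctl.d(5):
# a base name present in several directories is read only from the
# highest-priority one, then all files are applied in C-locale order of
# base name regardless of directory, so the last assignment wins.
# Simplifications: KEY must be spelled as in the files (dots, no globs)
# and file names must not contain whitespace.
effective_sysctl() {
    key=$1; shift
    names=$(for d in "$@"; do
                for f in "$d"/*.conf; do
                    if [ -e "$f" ]; then basename "$f"; fi
                done
            done | LC_ALL=C sort -u)
    result=
    for n in $names; do
        for d in "$@"; do
            [ -e "$d/$n" ] || continue
            v=$(awk -v k="$key" '
                /^[ \t]*([#;]|$)/ { next }            # comments, blank lines
                { i = index($0, "="); if (i == 0) next
                  name = substr($0, 1, i - 1); val = substr($0, i + 1)
                  gsub(/^[ \t]+|[ \t]+$/, "", name); sub(/^-/, "", name)
                  gsub(/^[ \t]+|[ \t]+$/, "", val)
                  if (name == k) { hit = 1; last = val } }
                END { if (hit) print "=" last }' "$d/$n")
            if [ -n "$v" ]; then result="${v#=} $d/$n"; fi
            break                       # lower-priority copies are masked
        done
    done
    if [ -n "$result" ]; then echo "$result"; fi
}

# Constructed sample tree (not real system files); prints its root directory.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/sysctl.d" "$root/usr/lib/sysctl.d"
    echo 'fs.protected_regular = 2' > "$root/usr/lib/sysctl.d/protect-links.conf"
    printf '# local setting\nfs.protected_regular=0\n' > "$root/etc/sysctl.d/99-sysctl.conf"
    echo "$root"
}

t=$(make_sample_tree)
effective_sysctl fs.protected_regular "$t/etc/sysctl.d" "$t/usr/lib/sysctl.d"
rm -rf "$t"
```

On a real system, pass `/etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d` as the directories and compare the result with `sysctl fs.protected_regular`.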