Bug#1002064: default kernel setting protected_regular=2 breaks file system access and is hard to fix
Ansgar
ansgar at 43-1.org
Tue Dec 21 11:10:48 GMT 2021
reassign 1002064 procps 2:3.3.17-5

On Tue, 2021-12-21 at 11:49 +0100, Daniel Feuchtinger wrote:
> Debian 11 introduces a new feature that prevents users from writing
> to files that they don't own, ignoring the file permissions
> (see https://github.com/torvalds/linux/commit/30aba6656f ).
>
> 1. I think that should not be the default behaviour but opt-in.

I disagree: it is a sensible change. If you want an insecure
configuration, you should have to explicitly configure your system to
be so.

> 2. If you fix it (write "fs.protected_regular=0" to /etc/sysctl.conf)
> that fix should work.

You need to write to /etc/sysctl.d/protect-links.conf to overwrite
settings in /usr/lib/sysctl.d/protect-links.conf.
See the "examples" section in man:systemd-sysctl(8).

Ansgar
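
The precedence rule behind the reply above, as an added example that is not part of the original message or of any Debian package: a shell function that reports which sysctl.d file ends up setting a key, following the ordering described in sysctl.d(5). The function names, the sample tree, and the file name `99-sysctl.conf` (standing in for however /etc/sysctl.conf is pulled into that ordering) are assumptions; keys are matched literally in dotted form.

```shell
#!/bin/sh
# Added example: report which sysctl.d file sets the effective value of a key.
# Directories are passed highest-priority first, e.g.
#   effective_sysctl fs.protected_regular /etc/sysctl.d /run/sysctl.d /usr/lib/sysctl.d
# Rules modelled (sysctl.d(5)): a file name found in several directories is read
# only from the first one; the remaining files are applied in byte order of
# their names, so the last assignment wins. Prints "value<TAB>file".
TAB=$(printf '\t')

effective_sysctl() {
    key=$1; shift
    for dir in "$@"; do
        for f in "$dir"/*.conf; do
            if [ -e "$f" ]; then printf '%s\t%s\n' "${f##*/}" "$f"; fi
        done
    done |
    awk -F '\t' '!seen[$1]++' |          # keep the first copy of each file name
    LC_ALL=C sort -t "$TAB" -k1,1 |      # apply files in byte order of name
    while IFS=$TAB read -r name path; do
        awk -v key="$key" -v path="$path" '
            /^[ \t]*[#;]/ { next }       # comment lines
            {
                n = index($0, "="); if (n == 0) next
                k = substr($0, 1, n - 1); v = substr($0, n + 1)
                gsub(/[ \t]/, "", k); sub(/^-/, "", k)
                sub(/^[ \t]+/, "", v); sub(/[ \t]+$/, "", v)
                if (k == key) printf "%s\t%s\n", v, path
            }' "$path"
    done | tail -n 1                     # last assignment is the effective one
}

# Constructed sample tree (not taken from a real system): builds DIR/etc and
# DIR/usr with the file names discussed in the thread.
make_sample_tree() {
    mkdir -p "$1/etc" "$1/usr"
    printf 'fs.protected_regular = 2\n' > "$1/usr/protect-links.conf"
    printf 'fs.protected_regular=0\n'   > "$1/etc/99-sysctl.conf"
}
```

On the sample tree the vendor `protect-links.conf` wins because its name sorts after `99-sysctl.conf`; a file of the same name in the higher-priority directory replaces it.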