/etc/nologin is used to deny login to non-root users (e.g. when temporarily locking the host due to a local vulnerability). sys-apps/openrc-0.9.8.1 contains the following code in /etc/init.d/bootmisc:
    start()
    {
        ...
        [ -w /etc/nologin ] && rm -f /etc/nologin
    }
That means /etc/nologin may be removed on reboot and the host made accessible to regular users again. Provided the default umask makes /etc/nologin writable, /etc/nologin gets removed by default. In my opinion, this is a pretty bad idea and the line should be removed from /etc/init.d/bootmisc.
@openrc, thoughts on this?
that has a bit of historical context ... baselayout used to have an option to manually set that file while booting up and then rm it later on (once the system had finished booting). seems during the rewrite of openrc, the bigger picture was lost, and now the code indiscriminately punts the file. http://git.overlays.gentoo.org/gitweb/?p=proj/openrc.git;a=commitdiff;h=3ad501218d268f9884d84079f3e2de4ac0793147
Thank you for the quick fix upstream. However, this issue is still present in the latest stable portage version (sys-apps/openrc-0.9.8.4). Regarding the Gentoo Security notice, I think this bug report should be kept open until the fix reaches portage.
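The behaviour discussed in this thread, as an added example that is not part of the bug report and is not the upstream commit: the reported cleanup next to an ownership-aware variant that removes /etc/nologin only when the boot sequence itself created it. Every path is rooted at a scratch directory passed as the first argument, and the marker file name run/nologin-by-boot is hypothetical.

```shell
#!/bin/sh
# Added example. $1 is a scratch root so nothing touches the real /etc.

# Cleanup as reported for bootmisc: delete nologin whenever it is writable,
# regardless of who created it.
cleanup_indiscriminate() {
    [ -w "$1/etc/nologin" ] && rm -f "$1/etc/nologin"
    return 0
}

# Boot-time lock: create nologin only if none exists, and record ownership
# in a marker (hypothetical name) so an administrator's file is never claimed.
boot_lock() {
    if [ ! -e "$1/etc/nologin" ]; then
        echo "System is booting" > "$1/etc/nologin"
        : > "$1/run/nologin-by-boot"
    fi
}

# End-of-boot unlock: remove nologin only when the marker says boot made it.
boot_unlock() {
    if [ -e "$1/run/nologin-by-boot" ]; then
        rm -f "$1/etc/nologin" "$1/run/nologin-by-boot"
    fi
}

# Returns 0 if an administrator-created nologin survives the given cleanup
# strategy ("indiscriminate" or "owned"), 1 if it was deleted.
admin_lock_survives() {
    root=$(mktemp -d) || return 2
    mkdir -p "$root/etc" "$root/run"
    echo "locked by admin" > "$root/etc/nologin"   # constructed sample content
    case $2$1 in
        indiscriminate) cleanup_indiscriminate "$root" ;;
        owned)          boot_lock "$root"; boot_unlock "$root" ;;
    esac
    if [ -e "$root/etc/nologin" ]; then rc=0; else rc=1; fi
    rm -rf "$root"
    return $rc
}

for mode in indiscriminate owned; do
    if admin_lock_survives "$mode"; then
        echo "$mode: admin lock kept across boot"
    else
        echo "$mode: admin lock removed at boot"
    fi
done
```

If the marker lives on a filesystem that is cleared at boot, a crash between lock and unlock leaves a boot-created /etc/nologin behind, which then has to be removed by hand.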