Comment 1 Aaron Bauman (RETIRED) 2018-01-31 17:40:22 UTC

No unaffected version in Gentoo repo yet hence bug summary change.

@maintainers, Upstream 237 version contains fix as noted by Sebastian.

Comment 2 Sebastian Pipping 2018-01-31 17:48:07 UTC

(In reply to Aaron Bauman from comment #1)
> @maintainers, Upstream 237 version contains fix as noted by Sebastian.

Seems like the was cherry-picking involved.  This is the commit included with v237:
https://github.com/systemd/systemd/commit/5579f85663d10269e7ac7464be6548c99cea4ada

Comment 3 Mike Gilbert 2018-01-31 19:55:29 UTC

I believe this issue does not affect systemd in its default configuration on Gentoo. I am therefore in no hurry to backport the fix or to stabilize a newer version.

Comment 4 Michael Orlitzky 2018-01-31 21:57:54 UTC

There were some other tmpfiles changes in the PR that could complicate a cherry-pick, but a backport is overkill regardless. You have to go out of your way to disable a sysctl whose sole purpose is to protect you from things like this. A more important fix is targeted for v238; this one just happened to land right as v237 was cut.

Comment 5 Aaron Bauman (RETIRED) 2018-01-31 22:00:26 UTC

(In reply to Mike Gilbert from comment #3)
> I believe this issue does not affect systemd in its default configuration on
> Gentoo. I am therefore in no hurry to backport the fix or to stabilize a
> newer version.

Agreed.  This is simply hardening for our systemd users who may decide to disable protected hardlinks.

Comment 6 Aaron Bauman (RETIRED) 2018-03-25 19:30:45 UTC

Mitigated by fs.protected_hardlinks wrt bug #540006.