first commit

etc_org/sysctl.d/10-link-restrictions.conf

@@ -0,0 +1,5 @@
+# These settings eliminate an entire class of security vulnerability:
+# time-of-check-time-of-use cross-privilege attacks using guessable
+# filenames (generally seen as "/tmp file race" vulnerabilities).
+fs.protected_hardlinks = 1
+fs.protected_symlinks = 1