Hi,

On Mon, 2021-02-22 at 09:54 +0100, Ludovic Courtès wrote:
> [...]
> > Subject: [PATCH] services: prevent following symlinks during activation
>                              ^
> Nitpick: we usually capitalize here and in the commit log.

Fixed! Also added a period at the end.

> Perhaps add a couple of lines explaining that this fixes a potential
> security issue, with a link to this thread.

Done. But since ....

> > Currently, there's a TOCTTOU race. This can be addressed
> > once guile has bindings for fstatat, openat and friends.

... I only claim it's a partial fix at best in the commit message.

> I’d move that comment next to the ‘mkdir-p/perms’ definition.

I copied it there, but left it (reworded slightly) in the commit message,
to avoid giving a false impression the potential security issue is really
fixed.

> > * guix/build/service-utils.scm: new module
> > with new procedure 'mkdir-p/perms'.
>
> I think you can remove these lines.

I removed the ‘Makefile.am’ and ‘guix/build/service-utils.scm’ lines
which aren't relevant anymore, but kept the other lines.

Is all addressed now? (Aside from the TOCTTOU.)

Maxime.