Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled

From: Daniel Micay
Date: Mon Jan 25 2016 - 21:28:27 EST

Next message: Rob Herring: "Re: [PATCH] ASoC: fsl: add imx-cs427x machine driver"
Previous message: Yakir Yang: "Re: [PATCH v6] drm/rockchip: hdmi: add Innosilicon HDMI support"
In reply to: Andy Lutomirski: "Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled"
Next in thread: Eric W. Biederman: "Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> This feature is already implemented by two distros, and likely wanted
> by others. We cannot ignore that.

Date point: Arch Linux won't be enabling CONFIG_USERNS until there's a
way to disable unprivileged user namespaces. The kernel maintainers are
unwilling to carry long-term out-of-tree patches.

https://github.com/sandstorm-io/sandstorm/blob/d270755b1b55e5be6c96df2cce7c914f35f0d2a2/install.sh#L464-L474

Attachment: signature.asc
Description: This is a digitally signed message part

Next message: Rob Herring: "Re: [PATCH] ASoC: fsl: add imx-cs427x machine driver"
Previous message: Yakir Yang: "Re: [PATCH v6] drm/rockchip: hdmi: add Innosilicon HDMI support"
In reply to: Andy Lutomirski: "Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled"
Next in thread: Eric W. Biederman: "Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]