Re: [kernel-hardening] Re: [PATCH 0/2] sysctl: allow CLONE_NEWUSER to be disabled
From: Daniel Micay
Date: Mon Jan 25 2016 - 21:28:27 EST
> This feature is already implemented by two distros, and likely wanted
> by others. We cannot ignore that.
Date point: Arch Linux won't be enabling CONFIG_USERNS until there's a
way to disable unprivileged user namespaces. The kernel maintainers are
unwilling to carry long-term out-of-tree patches.
https://github.com/sandstorm-io/sandstorm/blob/d270755b1b55e5be6c96df2cce7c914f35f0d2a2/install.sh#L464-L474Attachment:
signature.asc
Description: This is a digitally signed message part