Control: tag -1 moreinfo

On Fri, 2018-05-11 at 20:44 +0200, Laurent Bigonville wrote:
> Source: linux
> Version: 4.16.5-1
> Severity: normal
>
> Hi,
>
> Firefox (and probably other applications) are using user namespaces these
> days to enhance the security.

Can you provide some information about this?

> Debian is disabling these since 2013, the original patch states it's a
> short term solution, but we are here 5 years later and they are still
> disabled.

And this still mitigates a significant fraction of the security issues
found in the kernel.

> Apparently debian (and ubuntu) and arch are the only distributions
> disabling the user namespaces.
>
> Is there a list of remaining issues with the user namespaces? IIRC the
> only discussion I've seen were about adding upstream the option to
> disable them at runtime, nothing else.
>
> Is it a possibility to reenable these for buster?

User namespaces *are* enabled - but by default, they can only be created
by root. It is still possible to change that with a sysctl.

Ben.

--
Ben Hutchings
The most exhausting thing in life is being insincere.
- Anne Morrow Lindberg