On Mon, Dec 17, 2018 at 04:32:50AM -0500, Michael Gilbert wrote:
> On Fri, Nov 16, 2018 at 4:30 AM Bastian Blank wrote:
> > Debian does not support unprivileged user namespaces, so chromium needs
> > to depend on -sandbox to get a working package.
> The debian version of the kernel package provides
> kernel.unprivileged_userns_clone as a runtime selectable option for a
> while now.
Which is disabled by default and a package must not mangle it.
> Since this can be used in place of chromium's setuid binary, my
> opinion is that the Depends relationship on chromium-sandbox is no
> longer required.
Nope, at least if the package is supposed to work without admin
intervention.
Regards,
Bastian
--
Virtue is a relative term.
-- Spock, "Friday's Child", stardate 3499.1
