Seems I'm not the only one who's quite concerned about the ongoing
security impact of user namespaces, as the recent/current discussion
about some LSM patches for 6.1 shows:
99% of all code does NOT WANT the user namespace thing, and it's been
a big new attack surface for the kernel getting things subtly wrong.
It's still a shame to see that Debian intentionally sacrifices the
security of *all* users just for the needs of very few.
I'd very much like to see where Linus gets his "99%" from. Sounds a lot
like a "I'm not using it, so 99% of all users aren't using it". Podman
certainly supports and uses them, when run as non-root. [1] [2]
The whole point of user namespaces is to *reduce* the attack surface,
not increase it. If you don't have a comparable feature, you need to
give your applications more power, increasing the risk of system
compromise overall.
For example: Running containers or container runtimes as root.
That the implementation has serious issues like this one is sad, but it
is more of an indication that the feature wasn't quite ready for general
consumption yet, not that it's a bad feature per se. And how would you
build a user base and discover issues without making the feature
available to the general public?
[1] https://medium.com/techbull/what-is-user-namespace-and-podmans-rootless-containers-fc4c292c6bad
[2] https://opensource.com/article/18/12/podman-and-user-namespaces
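As an added illustration of the point made above (this is example code, not from the thread, Podman, or the kernel): a user namespace gives a process uid 0 *inside* while the kernel maps it to an unprivileged uid *outside*, so "root in the container" carries no host privilege. The `map_to_parent()` function applies a `/proc/<pid>/uid_map` in the kernel's "inside outside count" format; the host uid 1000 and the subuid range starting at 100000 in the sample map are constructed values of the kind rootless Podman sets up from `/etc/subuid`. `main()` then creates a real user namespace with `unshare(2)` and maps uid 0 to the caller's own uid.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Translate an inside uid to the parent namespace using uid_map text
 * ("inside outside count" per line). Returns -1 when the id is unmapped,
 * which the kernel presents as the overflow id (65534, "nobody"). */
long map_to_parent(const char *uid_map, long inside)
{
    const char *p = uid_map;
    while (*p) {
        long in, out, count;
        if (sscanf(p, "%ld %ld %ld", &in, &out, &count) == 3 &&
            inside >= in && inside < in + count)
            return out + (inside - in);
        p = strchr(p, '\n');      /* advance to the next mapping line */
        if (!p) break;
        p++;
    }
    return -1;
}

/* Constructed map: uid 0 in the container is the user's own uid (1000),
 * uids 1..65536 come from the user's subuid range (assumed 100000+). */
const char *example_map = "0 1000 1\n1 100000 65536\n";

int main(void)
{
    uid_t outer = getuid();
    char map[64];
    int fd;

    printf("container uid 0 -> host uid %ld\n", map_to_parent(example_map, 0));
    printf("container uid 1 -> host uid %ld\n", map_to_parent(example_map, 1));

    /* Now do it for real: new user namespace, map inside 0 to our own uid. */
    if (unshare(CLONE_NEWUSER) != 0) {
        perror("unshare(CLONE_NEWUSER)"); /* EPERM if unprivileged userns are disabled */
        return 1;
    }
    snprintf(map, sizeof map, "0 %u 1\n", (unsigned)outer);
    fd = open("/proc/self/uid_map", O_WRONLY);
    if (fd < 0 || write(fd, map, strlen(map)) < 0) { perror("uid_map"); return 1; }
    close(fd);
    printf("inside: euid=%u (root here, still uid %u on the host)\n",
           (unsigned)geteuid(), (unsigned)outer);
    return 0;
}
```

On a system where unprivileged user namespaces are disabled (as the Debian default discussed here), the `unshare` call fails with EPERM, which is exactly the trade-off the thread argues about.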