TLDR: For a typical user the only thing to do to maintain a secure system with normal functionality is to install the latest kernel update.
https://access.redhat.com/security/cve/CVE-2022-0185

This explanation of the bug with kernel namespaces is inadequate. If you disable user namespaces then systemd functionality will be impacted. All systemd users are using namespaces without really noticing it; it's not limited to people running Docker or similar things.

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940933

Above is a bug report related to disabling such functionality. I encountered this issue after installing the hardening-runtime package in Debian, which in its default configuration disables such namespaces as a preventative measure. Obviously this CVE proved the benefit in the hardening-runtime package but also maintaining system functionality is a good thing.

For Debian/Bullseye the package linux-image-5.10.0-11-amd64 has the fix for this.

-- 
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
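
Added example, not part of the original post: a shell check for the two things the post weighs against each other, whether the running Bullseye kernel is at or past the 5.10.0-11 ABI named above, and whether user namespaces have been switched off by sysctl. The function names are made up for this example, and the two sysctls (Debian's kernel.unprivileged_userns_clone and upstream user.max_user_namespaces) are not named in the post.

```shell
#!/bin/sh
# Classify a `uname -r` string against the fixed Bullseye kernel package
# named in the post (linux-image-5.10.0-11-amd64).
# Assumption: within the 5.10.0-* series a higher ABI number is a later build.
# Prints: fixed | needs-update | unknown (not a 5.10.0-* Debian kernel).
bullseye_kernel_status() {
    release=$1
    case $release in
        5.10.0-*) ;;
        *) echo unknown; return 0 ;;
    esac
    abi=${release#5.10.0-}    # e.g. "11-amd64"
    abi=${abi%%-*}            # e.g. "11"
    case $abi in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$abi" -ge 11 ]; then echo fixed; else echo needs-update; fi
}

# Interpret the two sysctl values; an empty string means the knob is absent.
#   $1 = kernel.unprivileged_userns_clone   $2 = user.max_user_namespaces
# Prints: disabled (nobody can create a user namespace),
#         unprivileged-disabled (only CAP_SYS_ADMIN can), or enabled.
userns_state() {
    clone=$1
    max=$2
    if [ "$max" = 0 ]; then
        echo disabled
    elif [ "$clone" = 0 ]; then
        echo unprivileged-disabled
    else
        echo enabled
    fi
}

# Read a sysctl through /proc; print nothing if it does not exist.
read_sysctl() { cat "$1" 2>/dev/null || true; }

report() {
    k=$(uname -r)
    echo "kernel $k: $(bullseye_kernel_status "$k")"
    echo "user namespaces: $(userns_state \
        "$(read_sysctl /proc/sys/kernel/unprivileged_userns_clone)" \
        "$(read_sysctl /proc/sys/user/max_user_namespaces)")"
}

report
```

A "fixed" kernel together with a "disabled" result is the case the post describes: the namespace restriction is no longer needed for this CVE, yet it still affects systemd.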
