On Monday, April 15th, 2024 at 5:47 PM, Simon McVittie <s...@debian.org> wrote:
> On Mon, 15 Apr 2024 at 17:13:09 +0200, Solar Designer wrote:
>
> I am not a kernel developer, so this is second-hand information; but I
> believe the implementation of kernel.unprivileged_userns_clone used in
> Debian (and subsequently copied from Debian by various other distros)
> is derived from patches that were already proposed and rejected upstream,
> so the feeling was that trying again to upstream that feature would be a
> waste of time and upstream goodwill, because it would just get rejected
> again by the same kernel maintainer.
>

Perhaps it's best to link an old article covering the situation back then:

https://lwn.net/Articles/673597/

And yes, current kernel maintainers are the biggest proponents of unpriv userns, so any restriction is a rather impossible sell.

Jordan