On Thu, Oct 31, 2024 at 07:54:04AM -0700, John Johansen wrote:
> On 10/31/24 06:59, valoq wrote:
> Currently it is not.
>
> The ability to mediate userns creation in profiles landed in 6.7.
>
> The 2nd and 3rd parts have not landed upstream yet. This is largely because
> th
Ubuntu added a patch last year to allow user namespaces only for processes
confined by apparmor and allegedly the kernel patch for this feature made
it into the upstream kernel as well, but there seems to be no documentation
available about it. Additionally, apparmor now includes default profiles
wi
Hello John,
can you give us a quick update on the status of this restricted userns feature?
Did it make it into kernel 6.14, and if not, when would it currently be expected?
Thank you