Paul Gevers wrote:
> Attached commit ready to push.
Looks good to me.
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Control: tags -1 patch confirmed
Hi
Attached commit ready to push.
Paul
From 2c36e76427bdf94d8e46138cb76c7b64414b5ddd Mon Sep 17 00:00:00 2001
From: Paul Gevers
Date: Sat, 8 May 2021 21:52:43 +0200
Subject: [PATCH] issues.dbk: Linux enables user namespaces by default
---
en/issues.dbk | 32 ++
On Thu, 29 Apr 2021 at 12:31:21 +0200, Paul Gevers wrote:
> Does either of you have anything to add?
>
> """
> From Linux 5.10, all users are allowed to create user namespaces by
> default. This will allow programs such as web browsers and container
> managers to create more restricted sandboxes
On Thu, Apr 29, 2021 at 12:31:21PM +0200, Paul Gevers wrote:
> The previous Debian default was to restrict this feature to processes
> running as root, because it exposed more security issues in the
> kernel. However, the security benefits of more widespread sandboxing
> probably now outweigh this
On Thu, 2021-04-29 at 12:31 +0200, Paul Gevers wrote:
> Package: release-notes
>
> Hi Ben, Simon,
>
> On Thu, 16 Apr 2020 03:09:25 +0100 Ben Hutchings
>
> wrote:
> > So I think we should do something like this:
> >
> > * Document user.max_user_namespaces in procps's shipped
> > /etc/sysctl.co
Package: release-notes
Hi Ben, Simon,
On Thu, 16 Apr 2020 03:09:25 +0100 Ben Hutchings
wrote:
> So I think we should do something like this:
>
> * Document user.max_user_namespaces in procps's shipped
> /etc/sysctl.conf
> * Set kernel.unprivileged_userns_clone to 1 by default, and deprecate
>
6 matches
Mail list logo
