exile_init_policy(): Don't unshare network namespaces by default
This no longer works on some distros (e. g. Ubuntu 24.04) which move (back) to restrict unprivileged user namespaces, and is not required when Landlock is available, which is more and more a given, thankfully.
Dieser Commit ist enthalten in:
4
exile.c
4
exile.c
@@ -621,10 +621,10 @@ struct exile_policy *exile_init_policy()
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
result->drop_caps = 1;
|
||||
result->drop_caps = 0;
|
||||
result->not_dumpable = 1;
|
||||
result->no_new_privs = 1;
|
||||
result->namespace_options = EXILE_UNSHARE_MOUNT | EXILE_UNSHARE_USER;
|
||||
result->namespace_options = EXILE_UNSHARE_AUTOMATIC;
|
||||
result->namespace_uid = 0;
|
||||
result->namespace_gid = 0;
|
||||
return result;
|
||||
|
||||
In neuem Issue referenzieren
Einen Benutzer sperren