exile_init_policy(): Don't unshare network namespaces by default
This no longer works on some distros (e. g. Ubuntu 24.04) which move (back) to restrict unprivileged user namespaces, and is not required when Landlock is available, which is more and more a given, thankfully.
This commit is contained in:
orang tua
4059c1a093
melakukan
3732524bfa
4
exile.c
4
exile.c
@ -621,10 +621,10 @@ struct exile_policy *exile_init_policy()
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
result->drop_caps = 1;
|
||||
result->drop_caps = 0;
|
||||
result->not_dumpable = 1;
|
||||
result->no_new_privs = 1;
|
||||
result->namespace_options = EXILE_UNSHARE_MOUNT | EXILE_UNSHARE_USER;
|
||||
result->namespace_options = EXILE_UNSHARE_AUTOMATIC;
|
||||
result->namespace_uid = 0;
|
||||
result->namespace_gid = 0;
|
||||
return result;
|
||||
|
||||
Memuat…
x
Reference in New Issue
Block a user