exile_init_policy(): Don't unshare network namespaces by default
This no longer works on some distros (e. g. Ubuntu 24.04) which move (back) to restrict unprivileged user namespaces, and is not required when Landlock is available, which is more and more a given, thankfully.
This commit is contained in:
parent
4059c1a093
commit
3732524bfa
4
exile.c
4
exile.c
@ -621,10 +621,10 @@ struct exile_policy *exile_init_policy()
|
|||||||
{
|
{
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
result->drop_caps = 1;
|
result->drop_caps = 0;
|
||||||
result->not_dumpable = 1;
|
result->not_dumpable = 1;
|
||||||
result->no_new_privs = 1;
|
result->no_new_privs = 1;
|
||||||
result->namespace_options = EXILE_UNSHARE_MOUNT | EXILE_UNSHARE_USER;
|
result->namespace_options = EXILE_UNSHARE_AUTOMATIC;
|
||||||
result->namespace_uid = 0;
|
result->namespace_uid = 0;
|
||||||
result->namespace_gid = 0;
|
result->namespace_gid = 0;
|
||||||
return result;
|
return result;
|
||||||
|
Loading…
Reference in New Issue
Block a user