sandboxing: check whether debian specific patch disables user namespaces for unpriv users
父节点
e14aa99a4b
当前提交
1e150144e6
@ -196,6 +196,19 @@ bool SandboxLinux::enablePreWorker(std::vector<std::string> fsPaths)
|
||||
|
||||
bool SandboxLinux::supported()
|
||||
{
|
||||
std::fstream stream;
|
||||
stream.open("/proc/sys/kernel/unprivileged_userns_clone");
|
||||
if(stream.is_open())
|
||||
{
|
||||
std::string str;
|
||||
stream >> str;
|
||||
if(str[0] == '0')
|
||||
{
|
||||
Logger::error() << "Please write '1' to /proc/sys/kernel/unprivileged_userns_clone in order to enable "
|
||||
"sandboxing support on this system";
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
bool SandboxLinux::enableForWorker()
|
||||
|
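Review bot: `stream.open(...)` in `supported()` uses `std::fstream` with no mode argument, which requests read and write access, and `/proc/sys/kernel/unprivileged_userns_clone` is normally writable only by root, so the open is likely to fail for exactly the unprivileged users this check targets. `is_open()` is then false, the whole block is skipped and the function returns true, so the check fails open. Opening read-only avoids that: `std::ifstream stream("/proc/sys/kernel/unprivileged_userns_clone");`. A comment above the open would also help, for example `// Debian-specific sysctl; the file is absent on kernels without the patch, in which case user namespaces are assumed available`. Other limits such as `user.max_user_namespaces` being 0 are not covered here, so a `true` result does not guarantee that the later namespace setup succeeds.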