sandboxing: check whether debian specific patch disables user namespaces for unpriv users

Tento commit je obsažen v:
Albert S. 2019-08-12 09:06:32 +02:00
rodič e14aa99a4b
revize 1e150144e6

Zobrazit soubor

@ -196,6 +196,19 @@ bool SandboxLinux::enablePreWorker(std::vector<std::string> fsPaths)
bool SandboxLinux::supported() bool SandboxLinux::supported()
{ {
std::fstream stream;
stream.open("/proc/sys/kernel/unprivileged_userns_clone");
if(stream.is_open())
{
std::string str;
stream >> str;
if(str[0] == '0')
{
Logger::error() << "Please write '1' to /proc/sys/kernel/unprivileged_userns_clone in order to enable "
"sandboxing support on this system";
return false;
}
}
return true; return true;
} }
bool SandboxLinux::enableForWorker() bool SandboxLinux::enableForWorker()