sandboxing: check whether debian specific patch disables user namespaces for unpriv users
Tento commit je obsažen v:
rodič
e14aa99a4b
revize
1e150144e6
@ -196,6 +196,19 @@ bool SandboxLinux::enablePreWorker(std::vector<std::string> fsPaths)
|
|||||||
|
|
||||||
bool SandboxLinux::supported()
|
bool SandboxLinux::supported()
|
||||||
{
|
{
|
||||||
|
std::fstream stream;
|
||||||
|
stream.open("/proc/sys/kernel/unprivileged_userns_clone");
|
||||||
|
if(stream.is_open())
|
||||||
|
{
|
||||||
|
std::string str;
|
||||||
|
stream >> str;
|
||||||
|
if(str[0] == '0')
|
||||||
|
{
|
||||||
|
Logger::error() << "Please write '1' to /proc/sys/kernel/unprivileged_userns_clone in order to enable "
|
||||||
|
"sandboxing support on this system";
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
bool SandboxLinux::enableForWorker()
|
bool SandboxLinux::enableForWorker()
|
||||||
|
Načítá se…
Odkázat v novém úkolu
Zablokovat Uživatele