crtxcr/qswiki
1
0
Fork 0
Code Issues 21 Pull Requests 1 Releases Activity

sandboxing: check whether debian specific patch disables user namespaces for unpriv users

Browse Source
This commit is contained in:
Albert S. 2019-08-12 09:06:32 +02:00
parent e14aa99a4b
commit 1e150144e6
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
sandbox/sandbox-linux.cpp
View File

@ -196,6 +196,19 @@ bool SandboxLinux::enablePreWorker(std::vector<std::string> fsPaths)
bool SandboxLinux::supported() bool SandboxLinux::supported()
{ {
std::fstream stream;
stream.open("/proc/sys/kernel/unprivileged_userns_clone");
if(stream.is_open())
{
std::string str;
stream >> str;
if(str[0] == '0')
{
Logger::error() << "Please write '1' to /proc/sys/kernel/unprivileged_userns_clone in order to enable "
"sandboxing support on this system";
return false;
}
}
return true; return true;
} }
bool SandboxLinux::enableForWorker() bool SandboxLinux::enableForWorker()