crtxcr
/
qswiki
1
0
Fork 0
Koodi Ongelmat 21 Pull-pyynnöt 1 Julkaisut Toiminta

sandboxing: check whether debian specific patch disables user namespaces for unpriv users

This commit is contained in:
Albert S. 2019-08-12 09:06:32 +02:00
vanhempi e14aa99a4b
commit 1e150144e6
1 muutettua tiedostoa jossa 13 lisäystä ja 0 poistoa
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
sandbox/sandbox-linux.cpp
Näytä tiedosto

@ -196,6 +196,19 @@ bool SandboxLinux::enablePreWorker(std::vector<std::string> fsPaths)
bool SandboxLinux::supported() bool SandboxLinux::supported()
{ {
std::fstream stream;
stream.open("/proc/sys/kernel/unprivileged_userns_clone");
if(stream.is_open())
{
std::string str;
stream >> str;
if(str[0] == '0')
{
Logger::error() << "Please write '1' to /proc/sys/kernel/unprivileged_userns_clone in order to enable "
"sandboxing support on this system";
return false;
}
}
return true; return true;
} }
bool SandboxLinux::enableForWorker() bool SandboxLinux::enableForWorker()