sandboxing: check whether debian specific patch disables user namespaces for unpriv users
这个提交包含在:
父节点
cc47b2823e
当前提交
efd7aff613
@ -200,6 +200,18 @@ bool SandboxLinux::enablePreWorker(std::vector<std::string> fsPaths)
|
||||
|
||||
bool SandboxLinux::supported()
|
||||
{
|
||||
std::fstream stream;
|
||||
stream.open("/proc/sys/kernel/unprivileged_userns_clone");
|
||||
if(stream.is_open())
|
||||
{
|
||||
std::string str;
|
||||
stream >> str;
|
||||
if(str[0] == '0')
|
||||
{
|
||||
Logger::error() << "Please write '1' to /proc/sys/kernel/unprivileged_userns_clone in order to enable sandboxing support on this system";
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
bool SandboxLinux::enableForWorker()
|
||||
|
正在加载...
在新工单中引用
屏蔽一个用户