sandboxing: check whether debian specific patch disables user namespaces for unpriv users

这个提交包含在:
Albert S. 2019-08-12 09:06:32 +02:00
父节点 cc47b2823e
当前提交 efd7aff613

查看文件

@ -200,6 +200,18 @@ bool SandboxLinux::enablePreWorker(std::vector<std::string> fsPaths)
bool SandboxLinux::supported()
{
std::fstream stream;
stream.open("/proc/sys/kernel/unprivileged_userns_clone");
if(stream.is_open())
{
std::string str;
stream >> str;
if(str[0] == '0')
{
Logger::error() << "Please write '1' to /proc/sys/kernel/unprivileged_userns_clone in order to enable sandboxing support on this system";
return false;
}
}
return true;
}
bool SandboxLinux::enableForWorker()