On Thu, 2018-02-08 at 14:18 +0100, Peter Wienemann wrote:
> Dear kernel experts,
> I've got some questions concerning the plans for user namespaces:
> 1. In stretch unprivileged user namespaces are enabled in the
> compile-time configuration of the kernel but disabled in the run-time
> configuration by default. As a consequence one needs to set
> "kernel.unprivileged_userns_clone=1" before one can make use of them.
> Are there any plans to change the default run-time configuration for buster?

No, this default mitigates a lot of security vulnerabilities.

> 2. If the answer to the first question is "no", what is the preferred
> behaviour upon installation of packages requiring the above feature?
>    a) Warn the user and ask him/her to switch them on?
>    b) Silently switch them on?
>    c) Add instructions in README.Debian?
>    d) Something else?

I think (a) and/or (c).


Ben Hutchings
Lowery's Law:
        If it jams, force it. If it breaks, it needed replacing anyway.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to