that solves it, thanks
fwiw, I'm reading about this kernel option from lwn,
https://lwn.net/Articles/673597/
and the opinions vary whether there's security improvement having it
enabled/disabled...
this may not be desirable for multi-user systems, here it's just a
workstation so I suppose it is ok to use this mode as enabled.
On 2019-11-16 3:13 a.m., Bastian Blank wrote:
On Fri, Nov 15, 2019 at 11:23:09PM -0500, westlake wrote:
When this kernel is used, the latest version of chrome crashes saying it
can't launch because it is not able to create its own sandbox.
(chrome "Version 78.0.3904.97 (Official Build) (64-bit)")
Please try:
| sysctl -w kernel.unprivileged_userns_clone=1
Bastian
