On Thu, 16 Apr 2020 at 03:09:25 +0100, Ben Hutchings wrote:
> I don't think we should keep patching in
> kernel.unprivileged_userns_clone forever, so the documented way to
> disable user namespaces should be setting user.max_user_namespaces to
> 0.  But then there's no good way to have a drop-in file that changes
> back to the upstream default, because that's dependent on system memory
> size.
> 
> So I think we should do something like this:
> 
> * Document user.max_user_namespaces in procps's shipped
>   /etc/sysctl.conf
> * Set kernel.unprivileged_userns_clone to 1 by default, and deprecate
>   it (log a warning if it's changed)
> * Document the change in bullseye release notes

Is this something you intend to do before bullseye, or is it now going
to be after bullseye?

If this is intended to happen before bullseye, I'd like enough time
before the freeze to put an as-graceful-as-possible transition in place
in the bubblewrap package.

(I'm not sure what form that transition should take - suggestions welcome!
Ideally I'd like bubblewrap to be setuid root if and only if we are still
using a kernel where it needs to be.)

    smcv
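A check of the kind such a transition could build on, as an added example (not code from this thread, from Debian's kernel packaging or from bubblewrap): it reads both knobs discussed above, the Debian-specific kernel.unprivileged_userns_clone and upstream's user.max_user_namespaces, from a sysctl tree root passed as an argument, so it can be exercised against a constructed fake tree; the function names and status strings are my own.

```shell
#!/bin/sh
# Added example: report whether unprivileged user namespaces are usable,
# honouring both the Debian-only kernel.unprivileged_userns_clone knob and
# upstream's user.max_user_namespaces limit.  The sysctl root is a parameter
# (pass /proc/sys on a real system) so the logic can be tested offline.

userns_status() {
    root="${1:-/proc/sys}"
    clone="$root/kernel/unprivileged_userns_clone"
    max="$root/user/max_user_namespaces"

    # Debian patch knob: 0 means unprivileged clone(CLONE_NEWUSER) is refused.
    if [ -r "$clone" ] && [ "$(cat "$clone")" = "0" ]; then
        echo "disabled-by-unprivileged_userns_clone"
        return 0
    fi

    # Upstream knob (kernel >= 4.9): a limit of 0 means no user namespace
    # can be created at all, privileged or not.  An absent file is treated
    # here as "no limit configured"; it does not prove CONFIG_USER_NS is on.
    if [ -r "$max" ] && [ "$(cat "$max")" = "0" ]; then
        echo "disabled-by-max_user_namespaces"
        return 0
    fi

    echo "enabled"
}

# Returns 0 (true) when a sandbox helper like bubblewrap would still need
# setuid root on this kernel, i.e. when unprivileged userns are unavailable.
bwrap_needs_setuid() {
    [ "$(userns_status "$1")" != "enabled" ]
}

# Builds a constructed fake sysctl tree for testing; empty args omit a knob.
make_fake_tree() {
    dir="$1"; clone_val="$2"; max_val="$3"
    mkdir -p "$dir/kernel" "$dir/user"
    if [ -n "$clone_val" ]; then
        printf '%s\n' "$clone_val" > "$dir/kernel/unprivileged_userns_clone"
    fi
    if [ -n "$max_val" ]; then
        printf '%s\n' "$max_val" > "$dir/user/max_user_namespaces"
    fi
}
```

On a live system, `userns_status /proc/sys` prints one of the three status strings; a maintainer script could call `bwrap_needs_setuid /proc/sys` to decide whether to set the setuid bit.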
