Control: tag -1 wontfix

On Thu, 2022-06-09 at 01:57 +0200, Philippe Cerfon wrote:
> It rather seems that this feature is only of special use, namely for
> those people who use user namespaces with containers or similar - by
> far no default on a average server or desktop.

This is wrong.  On the desktop, browsers and Flatpak rely on user
namespaces for sandboxing (with an alternative being to install more
programs setuid-root).  On servers, use of containers is increasingly
common.  This is not "special use", it's absolutely standard.

We made the decision that the benefits of sandboxing with user
namespaces are likely to outweigh the risks, on most systems.  Nothing
you've said convinces me to alter that assessment.


Ben Hutchings
It's easier to fight for one's principles than to live up to them.

Attachment: signature.asc
Description: This is a digitally signed message part

Reply via email to