Control: tag -1 wontfix On Thu, 2022-06-09 at 01:57 +0200, Philippe Cerfon wrote: [...] > It rather seems that this feature is only of special use, namely for > those people who use user namespaces with containers or similar - by > far no default on a average server or desktop. [...]
This is wrong. On the desktop, browsers and Flatpak rely on user namespaces for sandboxing (with an alternative being to install more programs setuid-root). On servers, use of containers is increasingly common. This is not "special use", it's absolutely standard. We made the decision that the benefits of sandboxing with user namespaces are likely to outweigh the risks, on most systems. Nothing you've said convinces me to alter that assessment. Ben. -- Ben Hutchings It's easier to fight for one's principles than to live up to them.
Description: This is a digitally signed message part