On Thu, 2015-05-28 at 12:14 -0500, Eric W. Biederman wrote:
>
> > Where does the second namespace enter into this?
>
> Step a. Create a user namespace where uid 0 is mapped to your
> real uid, and set up your sandbox (aka mount /dev/pts and everything
> else).
>
> Step b. Create a nested user namespace where your uid is identity
> mapped and run your desktop application. You can even drop all caps in
> your namespace.

Just tried this. It's not the nicest, and it doubles the number of namespaces in action for each sandbox, but it does work.
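
The two steps quoted above, written out as an added shell sketch (not code from this thread or from any project it discusses). It assumes unprivileged user namespaces are enabled and a util-linux `unshare` that supports `--map-user`/`--map-group`; the function name `nested_sandbox` and the `SB_UID`/`SB_GID` variables are hypothetical.

```shell
#!/bin/sh
# Added illustration of the nested user namespace layout described above.
# Assumption: util-linux unshare with --map-user/--map-group is installed.

# nested_sandbox CMD [ARGS...]
# Runs CMD with its uid identity mapped, inside a sandbox that was set up
# by a namespace-local uid 0.
nested_sandbox() {
    # Real ids are passed down so the inner namespace can map back to them.
    SB_UID=$(id -u) SB_GID=$(id -g) \
    unshare --user --map-root-user --mount sh -c '
        # Step a: here uid 0 maps to the real uid, and we hold capabilities
        # over this user namespace and the mount namespace it owns, so the
        # sandbox mounts can be made without real root.
        mount -t devpts -o newinstance,ptmxmode=0666 devpts /dev/pts || exit 1
        # ... further sandbox setup ("everything else") would go here ...

        # Step b: nested user namespace whose map turns the outer uid 0 back
        # into the real uid. unshare is run without --keep-caps, so when the
        # real uid is not 0 the exec of the application leaves it with empty
        # permitted and effective capability sets.
        exec unshare --user \
            --map-user="$SB_UID" --map-group="$SB_GID" "$@"
    ' sh "$@"
}

# Example invocation (left commented so sourcing this file has no effect):
# nested_sandbox sh -c 'id; cat /proc/self/uid_map; grep Cap /proc/self/status'
```

In the example invocation, `id` reports the caller's own uid, and `/proc/self/uid_map` shows that uid mapped to 0 of the parent (outer) namespace, which is the layering the reply says doubles the namespace count per sandbox.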
