git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit - kernel/fork.c
UBUNTU: SAUCE: add a sysctl to disable unprivileged user namespace unsharing
author Serge Hallyn <serge.hallyn@ubuntu.com>
Tue, 5 Jan 2016 20:12:21 +0000 (20:12 +0000)
committer Seth Forshee <seth.forshee@canonical.com>
Mon, 29 Jan 2018 13:44:52 +0000 (07:44 -0600)
commit 680f78754946be4a38607812d8a87acb7ada2dae
tree 4bdfa682e373f395fb1f89838d1797aeb0562807
parent 7f5746bee39d7ed200df9c5936cd61b78b0c35ef

It is turned on by default, but can be turned off if admins prefer or,
more importantly, if a security vulnerability is found.

The intent is to use this as mitigation so long as Ubuntu is on the
cutting edge of enablement for things like unprivileged filesystem
mounting.

(This patch is tweaked from the one currently still in Debian sid, which
in turn came from the patch we had in saucy)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
kernel/fork.c
kernel/sysctl.c
kernel/user_namespace.c