git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
UBUNTU: SAUCE: add a sysctl to disable unprivileged user namespace unsharing
author Serge Hallyn <serge.hallyn@ubuntu.com>
Tue, 5 Jan 2016 20:12:21 +0000 (20:12 +0000)
committer Seth Forshee <seth.forshee@canonical.com>
Tue, 5 Sep 2017 12:33:08 +0000 (07:33 -0500)
commit 8fa8a002546c42f061f070411ee50eb7e248ea0a
tree aba84a847172180b31dec850bb66762326678a90
parent 78cfa64f9e1b1be47d7fc9ce08b5164c87a4f71a

It is turned on by default, but can be turned off if admins prefer or,
more importantly, if a security vulnerability is found.

The intent is to use this as mitigation so long as Ubuntu is on the
cutting edge of enablement for things like unprivileged filesystem
mounting.

(This patch is tweaked from the one currently still in Debian sid, which
in turn came from the patch we had in saucy)

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
[bwh: Remove unneeded binary sysctl bits]
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
kernel/fork.c
kernel/sysctl.c
kernel/user_namespace.c
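
Added example (not part of this commit or of Ubuntu's tooling): a POSIX shell audit that compares the runtime state of the knob with what is persisted under /etc, so that a mitigation applied only at runtime is flagged before a reboot reverts it. It assumes the sysctl is exposed as `kernel.unprivileged_userns_clone`, the name used by the Debian and Ubuntu patch (the page itself does not show it); the function names and return codes are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the knob is kernel.unprivileged_userns_clone
# (name from the Debian/Ubuntu patch; it is not shown on this page).
KNOB_RE='kernel\.unprivileged_userns_clone'

# runtime_state [PROC_ROOT] -> enabled | disabled | absent
runtime_state() {
    f="${1:-/proc}/sys/kernel/unprivileged_userns_clone"
    [ -r "$f" ] || { echo absent; return 0; }   # kernel without this patch
    case "$(tr -d '[:space:]' < "$f")" in
        0) echo disabled ;;
        *) echo enabled ;;
    esac
}

# persisted_value [ETC_ROOT] -> last value assigned under ETC_ROOT, or "unset".
# Simplification: reads sysctl.d/*.conf in glob order, then sysctl.conf;
# /run/sysctl.d and /usr/lib/sysctl.d are not consulted.
persisted_value() {
    root="${1:-/etc}"
    val=unset
    for f in "$root"/sysctl.d/*.conf "$root"/sysctl.conf; do
        [ -r "$f" ] || continue
        v=$(sed -n "s/^[[:space:]]*${KNOB_RE}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\).*/\1/p" "$f" | tail -n 1)
        [ -n "$v" ] && val=$v
    done
    echo "$val"
}

# audit [PROC_ROOT] [ETC_ROOT]
# returns 0 = runtime matches persisted config, 1 = drift, 2 = knob absent
audit() {
    rt=$(runtime_state "${1:-/proc}")
    pv=$(persisted_value "${2:-/etc}")
    case "$rt:$pv" in
        absent:*)   echo "knob absent: this kernel does not carry the sysctl"; return 2 ;;
        disabled:0) echo "unprivileged userns unsharing disabled and persisted"; return 0 ;;
        disabled:*) echo "disabled at runtime only (persisted=$pv): reverts on reboot"; return 1 ;;
        enabled:0)  echo "persisted as 0 but runtime is enabled: setting not applied"; return 1 ;;
        enabled:*)  echo "unprivileged userns unsharing enabled (persisted=$pv)"; return 0 ;;
    esac
}
```

Source the file and call `audit` with no arguments to check the live system; the two optional arguments point it at a mounted image or a test tree instead.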