by LegionMammal978
749 days ago
Well, perhaps I'm being unfair talking about distros plural: I'm mainly thinking of how the latest Ubuntu has disabled unprivileged user namespaces by default [0], seeing them as too big an attack surface to let everything use them. It looks like Debian used to have them disabled, but then re-enabled them for the sake of web browsers [1]; I'm sure they'd re-disable them if they found some solution similar to Ubuntu's AppArmor one. For other distros, it's difficult to find up-to-date information on whether they enable or disable unprivileged user namespaces, since many have flipped back and forth over the last decade. All that is to say that unless your program is given privileges itself (e.g., Docker), or can wheedle user-namespace permissions out of the packagers, there's no chance you'll be able to distribute namespace-using code and have it work consistently for most users.

[0] https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat...

[1] https://salsa.debian.org/kernel-team/linux/-/commit/a3819178...
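An added example, not part of the comment above or of any distro's tooling: a shell check a namespace-using program could run at startup to see which of the knobs mentioned here is blocking unprivileged user namespaces. The function names and result labels are made up for this example; the sysctls read are the upstream `user.max_user_namespaces`, the Debian/Ubuntu `kernel.unprivileged_userns_clone`, and Ubuntu's `kernel.apparmor_restrict_unprivileged_userns`.

```shell
#!/bin/sh
# Classify the unprivileged-user-namespace policy from sysctl files.
# ROOT defaults to /proc/sys; a different root can be passed for testing.

# read_sysctl ROOT REL_PATH -> prints the value, or "absent" if the file is missing
read_sysctl() {
    if [ -r "$1/$2" ]; then
        cat "$1/$2"
    else
        echo absent
    fi
}

# userns_status [ROOT] -> prints one label (labels are this example's own):
#   disabled-max         user.max_user_namespaces is 0
#   disabled-clone       kernel.unprivileged_userns_clone is 0
#   restricted-apparmor  kernel.apparmor_restrict_unprivileged_userns is 1
#   allowed              none of the three sysctls blocks it
userns_status() {
    root="${1:-/proc/sys}"
    max=$(read_sysctl "$root" user/max_user_namespaces)
    clone=$(read_sysctl "$root" kernel/unprivileged_userns_clone)
    aa=$(read_sysctl "$root" kernel/apparmor_restrict_unprivileged_userns)

    # An absent file means that kernel does not carry the knob, so it is
    # treated as "not blocking" rather than as a failure.
    if [ "$max" = "0" ]; then
        echo disabled-max
    elif [ "$clone" = "0" ]; then
        echo disabled-clone
    elif [ "$aa" = "1" ]; then
        echo restricted-apparmor
    else
        echo allowed
    fi
}

# probe_userns -> exit status 0 only if a user namespace can really be created.
# seccomp filters or a container runtime can deny it even when the sysctls allow it.
probe_userns() {
    unshare --user true 2>/dev/null
}

userns_status "${1:-/proc/sys}"
```

Only `probe_userns` settles the question on a given host; the sysctl label is what lets an error message tell the user which setting to look at, so the program can fall back to a non-namespace code path.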