Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2025-05-02 13:46:03 -04:00
Code Issues Projects Releases Packages Wiki Activity

no longer set kernel.unprivileged_userns_clone=0

Browse source 
because it breaks too much

fixes https://github.com/Kicksecure/security-misc/issues/274
This commit is contained in:
Patrick Schleizer 2024-10-03 02:58:58 -04:00
parent f401d94d5e
commit 0e3ffa3f11
No known key found for this signature in database
GPG key ID: CB8D50BB77BB3C48
2 changed files with 11 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

7
usr/lib/sysctl.d/990-security-misc.conf
View file

@ -142,10 +142,11 @@ kernel.sysrq=0
## https://github.com/Kicksecure/security-misc/pull/263
## https://github.com/Kicksecure/security-misc/issues/274
##
## KSPP=partial
## KSPP sets sysctls kernel.unprivileged_userns_clone=0 and user.max_user_namespaces=0.
## KSPP=no
## KSPP sets user.max_user_namespaces=0 sysctl, a Linux mainline, stricter setting.
##
kernel.unprivileged_userns_clone=0
## kernel.unprivileged_userns_clone is a Debian specific kernel feature. Not Linux mainline.
#kernel.unprivileged_userns_clone=0
## Uncomment the following sysctl to entirely disable user namespaces.
#user.max_user_namespaces=0