From 870ff88605b8167c8882162cc3da005d71ca0cd3 Mon Sep 17 00:00:00 2001
From: raja-grewal
Date: Wed, 25 Sep 2024 10:01:45 +1000
Subject: [PATCH] Comment on Flatpak requiring unprivileged user namespaces
---
 usr/lib/sysctl.d/990-security-misc.conf | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/usr/lib/sysctl.d/990-security-misc.conf b/usr/lib/sysctl.d/990-security-misc.conf
index 7329e77..e633df1 100644
--- a/usr/lib/sysctl.d/990-security-misc.conf
+++ b/usr/lib/sysctl.d/990-security-misc.conf
@@ -119,6 +119,7 @@ kernel.sysrq=0
 ## User namespaces aim to improve sandboxing and accessibility for unprivileged users.
 ## Unprivileged user namespaces pose substantial privilege escalation risks.
 ## Restricting may lead to breakages in numerous software packages.
+## Flatpak requires unprivileged users to create new user namespaces for sandboxing.
 ## Uncomment the second sysctl to entirely disable user namespaces.
 ## Disabling entirely will reduce compatibility with some AppArmor profiles.
 ## Disabling entirely is known to break the UPower systemd service.
@@ -127,6 +128,7 @@ kernel.sysrq=0
 ## https://madaidans-insecurities.github.io/linux.html#kernel
 ## https://github.com/a13xp0p0v/kernel-hardening-checker#questions-and-answers
 ## https://github.com/NixOS/nixpkgs/pull/84522#issuecomment-614640601
+## https://github.com/flatpak/flatpak/wiki/User-namespace-requirements
 ## https://github.com/Kicksecure/security-misc/pull/263
 ##
 ## KSPP=partial
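Review bot: The added Flatpak line in the first hunk names a dependency but not its consequence, and it sits between the "Restricting may lead to breakages" line and the "Uncomment the second sysctl" lines, so a reader cannot tell which of the two settings is expected to affect Flatpak. The sysctl assignments themselves are outside the hunk, so this is inferred from the comment block alone; if the breakage applies to the restriction that is active by default, the comment should say so, for example `## Flatpak sandboxing relies on unprivileged user namespaces and may break when they are restricted.` It would also help to state the trade-off in one line, since re-enabling unprivileged user namespaces for Flatpak reopens the privilege escalation surface described two lines above.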