Git-Mirrors/security-misc
1
0
Fork 0
mirror of https://github.com/Kicksecure/security-misc.git synced 2024-10-01 08:25:45 -04:00
Code Issues Packages Projects Releases Wiki Activity

Comment on Flatpak requiring unprivileged user namespaces

Browse Source
This commit is contained in:
raja-grewal 2024-09-25 10:01:45 +10:00 committed by GitHub
parent 769767a96a
commit 870ff88605
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
usr/lib/sysctl.d/990-security-misc.conf
View File

@ -119,6 +119,7 @@ kernel.sysrq=0
## User namespaces aim to improve sandboxing and accessibility for unprivileged users. ## User namespaces aim to improve sandboxing and accessibility for unprivileged users.
## Unprivileged user namespaces pose substantial privilege escalation risks. ## Unprivileged user namespaces pose substantial privilege escalation risks.
## Restricting may lead to breakages in numerous software packages. ## Restricting may lead to breakages in numerous software packages.
## Flatpak requires unprivileged users to create new user namespaces for sandboxing.
## Uncomment the second sysctl to entirely disable user namespaces. ## Uncomment the second sysctl to entirely disable user namespaces.
## Disabling entirely will reduce compatibility with some AppArmor profiles. ## Disabling entirely will reduce compatibility with some AppArmor profiles.
## Disabling entirely is known to break the UPower systemd service. ## Disabling entirely is known to break the UPower systemd service.
@ -127,6 +128,7 @@ kernel.sysrq=0
## https://madaidans-insecurities.github.io/linux.html#kernel ## https://madaidans-insecurities.github.io/linux.html#kernel
## https://github.com/a13xp0p0v/kernel-hardening-checker#questions-and-answers ## https://github.com/a13xp0p0v/kernel-hardening-checker#questions-and-answers
## https://github.com/NixOS/nixpkgs/pull/84522#issuecomment-614640601 ## https://github.com/NixOS/nixpkgs/pull/84522#issuecomment-614640601
## https://github.com/flatpak/flatpak/wiki/User-namespace-requirements
## https://github.com/Kicksecure/security-misc/pull/263 ## https://github.com/Kicksecure/security-misc/pull/263
## ##
## KSPP=partial ## KSPP=partial