Comment on Flatpak requiring unprivileged user namespaces

raja-grewal 2024-09-25 10:01:45 +10:00 committed by GitHub
parent 769767a96a
commit 870ff88605
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194

@ -119,6 +119,7 @@ kernel.sysrq=0
## User namespaces aim to improve sandboxing and accessibility for unprivileged users.
## Unprivileged user namespaces pose substantial privilege escalation risks.
## Restricting may lead to breakages in numerous software packages.
## Flatpak requires unprivileged users to create new user namespaces for sandboxing.
## Uncomment the second sysctl to entirely disable user namespaces.
## Disabling entirely will reduce compatibility with some AppArmor profiles.
## Disabling entirely is known to break the UPower systemd service.
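Review bot: The new Flatpak line, sitting between "Restricting may lead to breakages in numerous software packages." and "Uncomment the second sysctl to entirely disable user namespaces.", does not say which setting breaks Flatpak. Since it states that Flatpak needs unprivileged users to create new user namespaces, suggest saying explicitly whether the restriction alone breaks Flatpak sandboxing or only the full disable does, in the same form as the "Disabling entirely is known to break the UPower systemd service." line, so an admin can tell the consequence before changing either sysctl.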
@ -127,6 +128,7 @@ kernel.sysrq=0
## https://madaidans-insecurities.github.io/linux.html#kernel
## https://github.com/a13xp0p0v/kernel-hardening-checker#questions-and-answers
## https://github.com/NixOS/nixpkgs/pull/84522#issuecomment-614640601
## https://github.com/flatpak/flatpak/wiki/User-namespace-requirements
## https://github.com/Kicksecure/security-misc/pull/263
##
## KSPP=partial
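Review bot: The Flatpak wiki URL is added to a flat reference list, so nothing ties it to the Flatpak statement it supports. Consider placing it directly under that comment line or ordering the references to match the statements above. Note too that a wiki page can be edited at any time, unlike the nixpkgs link two lines up, which points at a specific issue comment; a short phrase saying what the page documents would keep the reference useful if its content moves.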