Open wiredhikari opened 2 years ago
Hi, it looks like bubblewrap disables this feature for security. https://github.com/containers/bubblewrap#security
In particular, bubblewrap uses PR_SET_NO_NEW_PRIVS to turn off setuid binaries, which is the traditional way to get out of things like chroots.
Creating users, assigning them the group `wheel`, and making changes via `visudo` doesn't allow the users to execute the sudo command.