pkgcore / pychroot

a python library and cli tool that simplify chroot handling
https://pkgcore.github.io/pychroot/
BSD 3-Clause "New" or "Revised" License

Doc: User namespaces are disabled by default in Debian #35

Open ikus060 opened 3 years ago

ikus060 commented 3 years ago

We should leave a notice in the README about Debian hardening regarding userns.

To enable, we need to:

echo 1 > /proc/sys/kernel/unprivileged_userns_clone

and make it persistent using:

echo 'kernel.unprivileged_userns_clone=1' > /etc/sysctl.d/userns.conf

I'm also reading that a similar path is available for newer kernels with a different switch.

radhermit commented 3 years ago

> We should leave a notice in the README about Debian hardening regarding userns.

I don't use Debian so it would be helpful if you make a PR adding a subsection to the requirements section of the README.
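
A read-only check of the setting discussed in the first comment, as an added example that is not part of this issue or of pychroot: it reports whether unprivileged user namespaces are currently allowed and whether the Debian setting is persisted in a sysctl.d directory. The function names and the directory arguments are hypothetical, and `user.max_user_namespaces` is the upstream kernel limit, included on the assumption that it is also worth checking.

```shell
#!/bin/sh
# Added example: read-only check, changes nothing on the system.
# Usage: userns_status            (reads /proc/sys)
#        userns_persisted         (reads /etc/sysctl.d)
# The directory arguments are hypothetical overrides for testing.

userns_status() {
    root="${1:-/proc/sys}"
    debian_knob="$root/kernel/unprivileged_userns_clone"
    max_knob="$root/user/max_user_namespaces"

    if [ ! -r "$debian_knob" ] && [ ! -r "$max_knob" ]; then
        echo "unknown: no user namespace sysctl found"
        return 2
    fi
    # Debian-patched kernels: 0 blocks unprivileged user namespace creation.
    if [ -r "$debian_knob" ] && [ "$(cat "$debian_knob")" = "0" ]; then
        echo "disabled: kernel.unprivileged_userns_clone=0"
        return 1
    fi
    # Upstream limit (assumed relevant here): 0 means none can be created.
    if [ -r "$max_knob" ] && [ "$(cat "$max_knob")" = "0" ]; then
        echo "disabled: user.max_user_namespaces=0"
        return 1
    fi
    echo "enabled"
}

# Print the last persisted value of the Debian knob, or nothing if unset.
# Only one directory is read; other sysctl.d locations are not consulted.
userns_persisted() {
    dir="${1:-/etc/sysctl.d}"
    cat "$dir"/*.conf 2>/dev/null |
        sed -n 's/^[[:space:]]*kernel\.unprivileged_userns_clone[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' |
        tail -n 1
}
```

If `userns_status` prints `enabled` while `userns_persisted` prints nothing, the runtime value was not set from that directory.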