Bug#991426: release-notes: Recommend user.max_user_namespaces over kernel.unprivileged_userns

Discussion:

Bug#991426: release-notes: Recommend user.max_user_namespaces over kernel.unprivileged_userns_clone?

(too old to reply)

Simon McVittie

2021-07-23 09:30:01 UTC

Package: release-notes
Severity: normal
Tags: patch moreinfo
X-Debbugs-Cc: debian-***@lists.debian.org

If I understand correctly, user.max_user_namespaces is an upstream kernel
feature, but kernel.unprivileged_userns_clone comes from a Debian-specific
patch that might be removed in future releases. It seems better to recommend
the upstream version (also used in e.g. RHEL).

A possible patch is attached, but I'd prefer to get confirmation from
a kernel maintainer before applying this, hence tagged +moreinfo.

smcv

Ben Hutchings

2021-07-26 00:50:02 UTC

Permalink

Post by Simon McVittie
Package: release-notes
Severity: normal
Tags: patch moreinfo
If I understand correctly, user.max_user_namespaces is an upstream kernel
feature, but kernel.unprivileged_userns_clone comes from a Debian-specific
patch that might be removed in future releases. It seems better to recommend
the upstream version (also used in e.g. RHEL).
A possible patch is attached, but I'd prefer to get confirmation from
a kernel maintainer before applying this, hence tagged +moreinfo.

I agree that this may be more future-proof (though it's taken little
effort to maintain that patch over the last 8 years).

Ben.

--
Ben Hutchings
Reality is just a crutch for people who can't handle science fiction.

Debian Bug Tracking System

2021-07-26 18:00:01 UTC

Permalink

Your message dated Mon, 26 Jul 2021 19:55:18 +0200
with message-id <899d18c9-003b-3d0f-1314-***@debian.org>
and subject line Re: Bug#991426: release-notes: Recommend user.max_user_namespaces over kernel.unprivileged_userns_clone?
has caused the Debian Bug report #991426,
regarding release-notes: Recommend user.max_user_namespaces over kernel.unprivileged_userns_clone?
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ***@bugs.debian.org
immediately.)

--
991426: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991426
Debian Bug Tracking System
Contact ***@bugs.debian.org with problems