[apparmor] Restricted userns
valoq
valoq at mailbox.org
Thu Oct 31 13:59:21 UTC 2024
Ubuntu added a patch last year to allow user namespaces only for processes
confined by apparmor and allegedly the kernel patch for this feature made
it into the upstream kernel as well, but there seems to be no documentation
available about it. Additionaly, apparmor now includes default profiles
with the userns permission making use of this feature, but there is no
documentation about the requirements of this feature.
How can this feature actually be used on other linux distributions and
vanilla linux kernels? It seems like
kernel.apparmor_restrict_unprivileged_userns is not available outside of
ubuntu and most similar flags appear undocumented as well.
Is support for restricted userns actually available outside of ubuntu?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20241031/9314c17c/attachment.sig>
More information about the AppArmor
mailing list