[apparmor] Restricted userns
valoq
valoq at mailbox.org
Thu Oct 31 19:11:33 UTC 2024
On Thu, Oct 31, 2024 at 07:54:04AM -0700, John Johansen wrote:
> On 10/31/24 06:59, valoq wrote:
> Currently it is not.
>
> The ability to mediate userns creation in profiles landed in 6.7.
>
> The 2 and 3rd parts have not landed upstream yet. This is largely because
> the Ubuntu patches hard code the behavior where for upstream we want the
> behavior to be properly part of policy.
>
> There is a patch to extend the current mediation that is a requirement
> for parts 2/3 that I will try to post out this week. The other parts
> I still need to evaluate. But I don't think landing full support for
> is possible for 6.13. So I am currently planning to try and land full
> support in 6.14.
Thanks for the replay and the upcoming patch.
If there is anything I can help, please let me know. While I do not have
experience with kernel development, I would like to support this patch
however possible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20241031/df1d8b62/attachment.sig>
More information about the AppArmor
mailing list