Plans for user namespaces

To: debian-kernel@lists.debian.org
Subject: Plans for user namespaces
From: Peter Wienemann <wienemann@physik.uni-bonn.de>
Date: Thu, 8 Feb 2018 14:18:56 +0100
Message-id: <[🔎] 7902e84f-fa1d-4ebd-d963-90469e63afbb@physik.uni-bonn.de>

Dear kernel experts,

I've got some questions concerning the plans for user namespaces:

1. In stretch unprivileged user namespaces are enabled in the
compile-time configuration of the kernel but disabled in the run-time
configuration by default. As a consequence one needs to set
"kernel.unprivileged_userns_clone=1" before one can make use of them.
Are there any plans to change the default run-time configuration for buster?

2. If the answer to the first question is "no", what is the preferred
behaviour upon installation of packages requiring the above feature?

   a) Warn the user and ask him/her to switch them on?
   b) Silently switch them on?
   c) Add instructions in README.Debian?
   d) Something else?

Cheers, Peter

Reply to:

Follow-Ups:
- Re: Plans for user namespaces
  - From: Ben Hutchings <ben@decadent.org.uk>

Prev by Date: Re: Regression for ip6-in-ip4 IPsec tunnel in 4.14.16
Next by Date: Bug#886156: src:linux: Additional information as stack trace match
Previous by thread: Bug#884001: Fwd: Severe graphics corruption on intel graphics since linux-image-4.9.0-4-amd64
Next by thread: Re: Plans for user namespaces
Index(es):
- Date
- Thread