Bug#898446: Please reconsider enabling the user namespaces by default
Source: linux
Version: 4.16.5-1
Severity: normal
Hi,

Firefox (and probably other applications) are using user namespaces these
days to enhance security.

Debian has been disabling these since 2013. The original patch states it's a
short-term solution, but here we are 5 years later and they are still
disabled.

Apparently Debian (and Ubuntu) and Arch are the only distributions
disabling user namespaces.

Is there a list of remaining issues with user namespaces? IIRC the
only discussion I've seen was about adding upstream the option to
disable them at runtime, nothing else.

Is it possible to re-enable these for buster?

Kind regards,
Laurent Bigonville
-- System Information:
Debian Release: buster/sid
APT prefers unstable-debug
APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.16.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: SELinux: enabled - Mode: Permissive - Policy name: refpolicy