DonKult/mmdebstrap
1
0
Fork 0
forked from josch/mmdebstrap
Code Issues Pull requests Projects Releases Wiki Activity

emit more warnings about setting kernel.unprivileged_userns_clone to 1

Browse source
This commit is contained in:
Johannes 'josch' Schauer 2020-03-07 02:13:53 +01:00
parent 48914894cb
commit 6c6378a6e0
Signed by untrusted user: josch
GPG key ID: F2CBA5C78FBD83E1
1 changed files with 6 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
mmdebstrap
View file

@ -3010,7 +3010,8 @@ sub main() {
info " sudo sysctl -w kernel.unprivileged_userns_clone=1";
info "or permanently enable unprivileged usernamespaces by"
. " putting the setting into /etc/sysctl.d/";
info "see https://bugs.debian.org/cgi-bin/"
info "THIS SETTING HAS SECURITY IMPLICATIONS!";
info "Refer to https://bugs.debian.org/cgi-bin/"
. "bugreport.cgi?bug=898446";
}
exit 1;
@ -4833,8 +4834,10 @@ by the _apt user, then apt sandboxing will be automatically disabled.
This mode uses Linux user namespaces to allow unprivileged use of chroot and
creation of files that appear to be owned by the superuser inside the unshared
namespace. A directory chroot created with this mode will end up with wrong
permissions. Choose to create a tarball instead. This mode requires the sysctl
C<kernel.unprivileged_userns_clone> being set to C<1>.
ownership information. Choose to create a tarball instead. This mode requires
the sysctl C<kernel.unprivileged_userns_clone> being set to C<1>. B<SETTING
THIS OPTION HAS SECURITY IMPLICATIONS>. Refer to
L<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898446>
=item B<fakeroot>, B<fakechroot>