remove information about kernel.unprivileged_userns_clone from the man page
parent ce8a9f8764
commit 38a81e75bb
1 changed files with 1 additions and 5 deletions
|
@ -6297,11 +6297,7 @@ needs to be able to mount and thus requires C<SYS_CAP_ADMIN>.
|
||||||
This mode uses Linux user namespaces to allow unprivileged use of chroot and
|
This mode uses Linux user namespaces to allow unprivileged use of chroot and
|
||||||
creation of files that appear to be owned by the superuser inside the unshared
|
creation of files that appear to be owned by the superuser inside the unshared
|
||||||
namespace. A tarball created in this mode should be bit-by-bit identical to a
|
namespace. A tarball created in this mode should be bit-by-bit identical to a
|
||||||
tarball created with the B<root> mode. In Debian, this mode requires the sysctl
|
tarball created with the B<root> mode.
|
||||||
C<kernel.unprivileged_userns_clone> being set to C<1>. The default used to be
|
|
||||||
C<0> but was changed to C<1> with linux 5.10.1 or Debian 11 (Bullseye).
|
|
||||||
B<SETTING THIS OPTION TO 1 HAS SECURITY IMPLICATIONS>. Refer to
|
|
||||||
L<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898446>
|
|
||||||
|
|
||||||
A directory chroot created with this mode will end up with wrong ownership
|
A directory chroot created with this mode will end up with wrong ownership
|
||||||
information. For correct ownership information, the directory must be accessed
|
information. For correct ownership information, the directory must be accessed
|
||||||
|
|
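Review bot: With the sentences after "tarball created with the B<root> mode." gone, a reader on a system where C<kernel.unprivileged_userns_clone> is still C<0> gets no hint from the man page that this mode requires it to be C<1>, and the pointer to the security implications (Debian bug 898446) is lost along with the outdated note about the default. Consider keeping one short sentence that states the sysctl requirement and links the bug report, and dropping only the version-specific history. The commit message also gives no reason for the removal; a line of rationale would help later readers. Separately, the context in the hunk header reads C<SYS_CAP_ADMIN>; the Linux capability is named CAP_SYS_ADMIN, which may be worth fixing in a follow-up.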