zulcss/mmdebstrap
1
0
Fork 0
forked from josch/mmdebstrap
Code Pull requests Activity

remove information about kernel.unprivileged_userns_clone from the man page

Browse source
This commit is contained in:
Johannes Schauer Marin Rodrigues 2022-02-11 23:02:31 +01:00
parent ce8a9f8764
commit 38a81e75bb
Signed by untrusted user: josch
GPG key ID: F2CBA5C78FBD83E1
1 changed files with 1 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
mmdebstrap
View file

@ -6297,11 +6297,7 @@ needs to be able to mount and thus requires C<SYS_CAP_ADMIN>.
This mode uses Linux user namespaces to allow unprivileged use of chroot and This mode uses Linux user namespaces to allow unprivileged use of chroot and
creation of files that appear to be owned by the superuser inside the unshared creation of files that appear to be owned by the superuser inside the unshared
namespace. A tarball created in this mode should be bit-by-bit identical to a namespace. A tarball created in this mode should be bit-by-bit identical to a
tarball created with the B<root> mode. In Debian, this mode requires the sysctl tarball created with the B<root> mode.
C<kernel.unprivileged_userns_clone> being set to C<1>. The default used to be
C<0> but was changed to C<1> with linux 5.10.1 or Debian 11 (Bullseye).
B<SETTING THIS OPTION TO 1 HAS SECURITY IMPLICATIONS>. Refer to
L<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898446>
A directory chroot created with this mode will end up with wrong ownership A directory chroot created with this mode will end up with wrong ownership
information. For correct ownership information, the directory must be accessed information. For correct ownership information, the directory must be accessed