forked from josch/mmdebstrap
#898446 got closed and the default of kernel.unprivileged_userns_clone changed to 1
parent 62bcf3261e
commit ea6bbc1d9c
1 changed files with 4 additions and 3 deletions
|
@ -6109,9 +6109,10 @@ by the _apt user, then apt sandboxing will be automatically disabled.
|
|||
This mode uses Linux user namespaces to allow unprivileged use of chroot and
|
||||
creation of files that appear to be owned by the superuser inside the unshared
|
||||
namespace. A tarball created in this mode should be bit-by-bit identical to a
|
||||
tarball created with the B<root> mode. This mode requires the sysctl
|
||||
C<kernel.unprivileged_userns_clone> being set to C<1>. B<SETTING THIS OPTION
|
||||
HAS SECURITY IMPLICATIONS>. Refer to
|
||||
tarball created with the B<root> mode. In Debian, this mode requires the sysctl
|
||||
C<kernel.unprivileged_userns_clone> being set to C<1>. The default used to be
|
||||
C<0> but was changed to C<1> with linux 5.10.1 or Debian 11 (Bullseye).
|
||||
B<SETTING THIS OPTION TO 1 HAS SECURITY IMPLICATIONS>. Refer to
|
||||
L<https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898446>
|
||||
|
||||
A directory chroot created with this mode will end up with wrong ownership
|
||||
|
|
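Review bot: The added warning "SETTING THIS OPTION TO 1 HAS SECURITY IMPLICATIONS" no longer matches the sentence just before it, which says the default is now C<1>: on a system with that default nobody sets the option, so the reader is not told that the exposure applies to them already or that the sysctl can be set back to C<0> when unshare mode is not needed. Suggest rewording it to say that a value of C<1> has security implications regardless of whether it was set by hand or by default. Separately, in "with linux 5.10.1 or Debian 11 (Bullseye)" the "or" leaves it unclear whether these are two names for the same change or two independent conditions, and since the sentence opens with "In Debian" it would help to state explicitly that 5.10.1 refers to the Debian linux package version. The paragraph also gives no hint on how to check the current value; a short mention of reading C<kernel.unprivileged_userns_clone> with sysctl would let users verify the precondition before the mode fails.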