Add details on user namespaces

This commit is contained in:
Raja Grewal 2024-08-18 13:53:11 +10:00
parent 759aee8150
commit 1f51d4eeb2
No known key found for this signature in database
GPG Key ID: 92CA473C156B64C4

@ -94,9 +94,13 @@ kernel.sysrq=0
## Unprivileged user namespaces pose substantial privilege escalation risks.
## Restricting may lead to breakages in numerous software packages.
## Uncomment the second sysctl to entirely disable user namespaces.
## Disabling entirely will reduce compatibility with some AppArmor profiles.
##
## https://lwn.net/Articles/673597/
## https://madaidans-insecurities.github.io/linux.html#kernel
## https://github.com/a13xp0p0v/kernel-hardening-checker#questions-and-answers
## https://github.com/NixOS/nixpkgs/pull/84522#issuecomment-614640601
## https://github.com/Kicksecure/security-misc/pull/263
##
## KSPP=partial
## KSPP sets the stricter sysctl user.max_user_namespaces=0.
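Review bot: the comment block tells the reader to "Uncomment the second sysctl" but never names either sysctl, and the added "KSPP=partial" line names the stricter KSPP setting (user.max_user_namespaces=0) without saying which setting this file applies instead or why that choice only rates as partial; someone reading the comment without the surrounding lines cannot tell which two knobs are meant. Suggest naming both explicitly, e.g. "## KSPP=partial: KSPP recommends user.max_user_namespaces=0; this file sets <name of the first sysctl> instead and leaves the stricter one commented." The line "Restricting may lead to breakages in numerous software packages." is also ambiguous about whether it describes the first (restricting) sysctl or the second (disabling) one, while the next line attributes the AppArmor profile impact only to disabling entirely; stating which consequence belongs to which setting would make the trade-off clear.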