Kicksecure:master ← raja-grewal:namespaces
opened 01:33AM - 18 Jul 24 UTC
Enable `sysctl` to restrict user namespaces to users with `CAP_SYS_ADMIN`.
Li…kely not enabled in the past due to breakages across numerous software.
However, now that we are on Debian Bookworm (kernel 6.1.x) and years have passed since the introduction of this parameter, a lot of software has began accommodating this parameter.
FOSS in my experience works fine. A lot of proprietary software works but some will quite likely break.
For example, one difference appears to be that software that uses the system-wide Electron versions are all functional, whereas some of those that package their own version may not work.
Needs to be thoroughly tested before being enabled.
## Changes
`kernel.unprivileged_userns_clone=0`
## Mandatory Checklist
- [x] Legal agreements accepted. By contributing to this organisation, you acknowledge you have read, understood, and agree to be bound by these these agreements:
[Terms of Service](https://www.kicksecure.com/wiki/Terms_of_Service), [Privacy Policy](https://www.kicksecure.com/wiki/Privacy_Policy), [Cookie Policy](https://www.kicksecure.com/wiki/Cookie_Policy), [E-Sign Consent](https://www.kicksecure.com/wiki/E-Sign_Consent), [DMCA](https://www.kicksecure.com/wiki/DMCA), [Imprint](https://www.kicksecure.com/wiki/Imprint)
## Optional Checklist
The following items are optional but might be requested in certain cases.
- [x] I have tested it locally
- [x] I have reviewed and updated any documentation if relevant
- [ ] I am providing new code and test(s) for it