Simon McVittie
> the option 3 is only secure if the caps are dropped by default No, it's only secure if they are *always* dropped. If an attacker can choose whether or...
Part of the problem here is that some of the upstream Linux kernel developers consider user namespaces to be safe (except for the attacks they enable, which are considered to...
Sorry, I don't have the necessary knowledge of kernel subtleties to review this.
> Wouldn't it be more straightforward to use the `max_user_namespaces` sysctl? This looks like a simpler way to achieve the same thing. I might try implementing it if you don't...
> > Wouldn't it be more straightforward to use the `max_user_namespaces` sysctl? > > This looks like a simpler way to achieve the same thing. #488 reimplements this feature with...
> If I use --dir "$PWD" --chdir "$PWD" --ro-bind aaa aaa, I expect aaa to be bound in "$PWD", but it's bound in /. I could understand not wanting to...
If you get a copy of `bwrap` from `git submodule update`, and make Flatpak compile it (`./configure`, etc. in the flatpak directory), then you get `flatpak-bwrap` and Flatpak will use...
> on WSL Flatpak and bubblewrap require Linux. WSL is not Linux, it's Windows pretending to be Linux, and it does not have the full feature-set of a modern Linux...
> I'm running a hardened kernel where unprivileged users can't create user namespaces Is this [the same patch Debian uses](https://salsa.debian.org/kernel-team/linux/blob/master/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch)? > However, that doesn't work with a faked /dev any...
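The two comments above about `max_user_namespaces` and about a hardened kernel that disallows unprivileged `CLONE_NEWUSER` point at two different knobs that can stop an unprivileged `bwrap` from creating a user namespace. The following is an added example, not code from the bubblewrap or Flatpak projects nor from anyone in the thread: a small POSIX shell check that reads both sysctls and says which one (if either) is blocking. It assumes the mainline sysctl is exposed as `/proc/sys/user/max_user_namespaces` and that the Debian patch linked above exposes its switch as `/proc/sys/kernel/unprivileged_userns_clone` (the page does not name that file; the name is taken from Debian's kernel). The file paths are parameters so the check can be run against copies, and the four status tokens it prints are this example's own vocabulary.

```sh
#!/bin/sh
# Added example: explain why an unprivileged `bwrap` might be unable to create a
# user namespace by inspecting the two sysctls discussed in the thread.
#
#   user.max_user_namespaces          mainline; 0 disables creation for everyone
#   kernel.unprivileged_userns_clone  Debian patch (assumed name); 0 disallows
#                                     unprivileged CLONE_NEWUSER only
#
# userns_status MAX_FILE CLONE_FILE
# Prints exactly one token:
#   disabled-by-max            max_user_namespaces is 0 (blocks root too)
#   disabled-for-unprivileged  unprivileged_userns_clone is 0
#   not-blocked-by-sysctl      at least one knob exists and neither blocks
#   unknown                    neither file is readable; cannot tell from sysctls
userns_status() {
    max_file=$1
    clone_file=$2
    found=0

    # The global limit is checked first: if it is 0, the Debian switch is moot.
    if [ -r "$max_file" ]; then
        found=1
        if [ "$(cat "$max_file")" = 0 ]; then
            echo disabled-by-max
            return 0
        fi
    fi

    # Debian-style hardening: only unprivileged callers are refused.
    if [ -r "$clone_file" ]; then
        found=1
        if [ "$(cat "$clone_file")" = 0 ]; then
            echo disabled-for-unprivileged
            return 0
        fi
    fi

    if [ "$found" = 1 ]; then
        echo not-blocked-by-sysctl
    else
        # Other hardening (seccomp, LSM policy, a kernel built without
        # CONFIG_USER_NS) is not visible here, so stay honest about it.
        echo unknown
    fi
}

# Live check against the running kernel.
status=$(userns_status /proc/sys/user/max_user_namespaces \
                       /proc/sys/kernel/unprivileged_userns_clone)
echo "unprivileged user namespaces: $status"
```

A `disabled-by-max` result means even a setuid `bwrap` could not create user namespaces, whereas `disabled-for-unprivileged` is exactly the situation the hardened-kernel comment describes, where the setuid build of bubblewrap is still an option. `not-blocked-by-sysctl` is deliberately not "available": these two files are the only evidence the check looks at.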
I think it should certainly be *possible* to make bubblewrap catch and forward signals, but I'm less sure that it should be catching and forwarding them *by default* - there's...