Am 13.08.2014 um 17:29 schrieb Damjan Georgievski: > On 13 August 2014 17:26, Damjan Georgievski <gdam...@gmail.com> wrote: >> yey >> thanks for CONFIG_USER_NS=y > > ahh no, I'm stupid. > Checked it on another machine and got excited before hand > :/ > > anyway. is there a reason this is not enabled now? > all the mainstream distros hae it enabled now Fedora, RHEL/CentOS 7, > Ubuntu and Debian (at least on the backported kernel)
I'd think about it, if the feature wasn't entirely useless. Despite the lack of official documentation, I found a document that described how it worked. After reading that document I concluded that the feature is a huge potential security risk with no actual benefit. If you give me a valid use case for USER_NS, I might reconsider, but every use case I can imagine is crushed by the limitations of the implementation.
signature.asc
Description: OpenPGP digital signature
