Thanks for the link to the article. It did help a bit. However, it did leave a few things unanswered. For example, it seems that the following kernel parameters in Debian make the user namespace disabled but not the network namespace. For example, by using the above settings, Firefox, and Chrome by extension, do not run in their own sandbox environment. But if I were to set up the following kernel parameters, then applications like the Firefox browser and, to a certain degree, other applications would not even connect to the internet.
Code:
kernel.unprivileged_userns_clone = 0
user.max_user_namespaces = 49152
user.max_net_namespaces = 49152
Code:
kernel.unprivileged_userns_clone = 0
user.max_user_namespaces = 49152
user.max_net_namespaces = 0
So this leads to the conclusion that the Debian kernel parameter kernel.unprivileged_userns_clone does disable user namespaces, but not for all the namespaces. So the question is which of the namespaces this disables and which of them it does not.
Statistics: Posted by DebianFox — 2024-07-03 05:13 — Replies 2 — Views 91
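One way to check the question empirically on a given machine (an added example, not part of the original post): the script below prints the Debian toggle and the per-type `user.max_*_namespaces` limits, then tries to create each namespace type as the current user. It assumes util-linux `unshare` is installed; `SYSCTL_ROOT` is a hypothetical override introduced here so the report can read a constructed directory.

```shell
#!/bin/sh
# Added example, not from the post. SYSCTL_ROOT is a hypothetical override so
# the report can be pointed at a constructed directory instead of /proc/sys.
SYSCTL_ROOT="${SYSCTL_ROOT:-/proc/sys}"
NS_TYPES="user net mnt pid ipc uts cgroup"

# Print "<name> <value>", or "<name> absent" if this kernel lacks the sysctl.
read_setting() {
    f="$SYSCTL_ROOT/$(printf '%s' "$1" | tr . /)"
    if [ -r "$f" ]; then
        printf '%s %s\n' "$1" "$(cat "$f")"
    else
        printf '%s absent\n' "$1"
    fi
}

# Show the Debian toggle and every per-type namespace limit.
report() {
    read_setting kernel.unprivileged_userns_clone
    for t in $NS_TYPES; do
        read_setting "user.max_${t}_namespaces"
    done
}

# Print the namespace types whose limit is exactly 0, space separated.
zero_limited() {
    out=""
    for t in $NS_TYPES; do
        set -- $(read_setting "user.max_${t}_namespaces")
        if [ "$2" = 0 ]; then out="$out $t"; fi
    done
    printf '%s\n' "${out# }"
}

# As the current user, try a user namespace alone and then combined with each
# other type (assumes util-linux unshare is installed).
probe() {
    for flag in "" --net --mount --pid --ipc --uts --cgroup; do
        if unshare --user $flag --fork true 2>/dev/null; then
            echo "user ${flag#--}: allowed"
        else
            echo "user ${flag#--}: denied"
        fi
    done
}

# Pass "probe" as the first argument to print both views for the current user.
if [ "${1:-}" = probe ]; then report; probe; fi
```

Run it once under each of the two configurations above, as the same user that starts the browser, and compare the `allowed`/`denied` lines.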