There was a post on Reddit that `kernel.unprivileged_userns_clone=0` doesn't stop docker running.

> Kernel sysctl option `kernel.unprivileged_userns_clone=0` doesn't stop docker from working. Flatpak has an issue but on Arch there's an alternative bwrap package that fixes this and is mentioned on the bubble wrap wiki.

I assume this requires docker to run as root though, which means no rootless docker.
I had a look at the bubblewrap mentioned there, doesn't seem to be anything about it except for:
We could elaborate a little there on why things like linux-hardened disable `kernel.unprivileged_userns_clone=0`, for example that it has been responsible for multiple privilege escalation vulnerabilities etc.
As for the "encrypted boot" part of that comment, we're removing this section #1850
Description
URL of affected page: https://www.privacyguides.org/linux-desktop/hardening/#kernel-hardening