You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As such, unprivileged processes will only be able to create user namespaces if they are confined and have the “userns,” rule in their AppArmor profile (or if they have CAP_SYS_ADMIN).
…
This feature will be first available as an opt-in in Ubuntu 23.1.
Probably we should provide an apparmor profile in contrib/
The text was updated successfully, but these errors were encountered:
/etc/apparmor.d/usr.sbin.runc from apparmor_4.0.0~alpha2-0ubuntu5_amd64.deb:
abi <abi/4.0>,
include <tunables/global>
/usr/sbin/runc flags=(unconfined) {
userns,
# Site-specific additions and overrides. See local/README for details.
include if exists <local/usr.sbin.runc>
}
https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
Probably we should provide an apparmor profile in contrib/
The text was updated successfully, but these errors were encountered: