[arch-general] [arch-dev-public] linux 3.16 in [testing]
Thomas Bächler
thomas at archlinux.org
Wed Aug 13 12:44:39 EDT 2014
Am 13.08.2014 um 17:29 schrieb Damjan Georgievski:
> On 13 August 2014 17:26, Damjan Georgievski <gdamjan at gmail.com> wrote:
>> yey
>> thanks for CONFIG_USER_NS=y
>
> ahh no, I'm stupid.
> Checked it on another machine and got excited before hand
> :/
>
> anyway. is there a reason this is not enabled now?
> all the mainstream distros hae it enabled now Fedora, RHEL/CentOS 7,
> Ubuntu and Debian (at least on the backported kernel)
I'd think about it, if the feature wasn't entirely useless. Despite the
lack of official documentation, I found a document that described how it
worked. After reading that document I concluded that the feature is a
huge potential security risk with no actual benefit.
If you give me a valid use case for USER_NS, I might reconsider, but
every use case I can imagine is crushed by the limitations of the
implementation.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20140813/db4d4442/attachment.asc>
More information about the arch-general
mailing list