Date: Fri, 4 Feb 2022 13:26:16 +0300
From: "Anton V. Boyarshinov" <>
To: Christian Brauner <>
 Christoph Hellwig <>, Linus Torvalds
Subject: Re: [PATCH] Add ability to disallow idmapped mounts

On Fri, 4 Feb 2022 10:45:15 +0100
Christian Brauner <> wrote:

> If you want to turn off idmapped mounts you can already do so today via:
> echo 0 > /proc/sys/user/max_user_namespaces

It turns off much more than idmapped mounts only. More fine-grained
control seems better to me.

> They can neither
> be created as an unprivileged user nor can they be created inside user
> namespaces.

But actions of a fully privileged user can open non-obvious ways to
privilege escalation.
