~lanodan/public-inbox

1

Why I need 'sysctl kernel.unprivileged_userns_clone=1' to my linux in order to run badwolf?

Details
Message ID
<20231008162614.a2cd6ab106801de60b262c18@posteo.net>
DKIM signature
missing
Download raw message
Hi,

Just a librewolf user with desire to migrate to badwolf. But I wonder why I have to set
'sysctl kernel.unprivileged_userns_clone=1'

Any security explanations here?

Thanks a lot,
Xavier
Details
Message ID
<ZSLUdqsaONO2rOKS@cloudsdale.the-delta.net.eu.org>
In-Reply-To
<20231008162614.a2cd6ab106801de60b262c18@posteo.net> (view parent)
DKIM signature
missing
Download raw message
[2023-10-08 14:26:14+0000] Xavier B.:
> Just a librewolf user with desire to migrate to badwolf. But I wonder why I have to set
> 'sysctl kernel.unprivileged_userns_clone=1'
> 
> Any security explanations here?

Yeah, this is required for the sandbox based on bubblewrap when the bwrap executable isn't suid-root.

Probably should check with your distro if this is expected as I would see it as an integration bug.

Best regards
Reply to thread Export thread (mbox)