On 2018-02-14, Enrico Weigelt <lkml@xxxxxxxxx> wrote:
> On 14.02.2018 04:54, Aleksa Sarai wrote:
>
> > It depends how old your kernel is and what distro you use. Arch Linux
> > disables user namespaces entirely, Debian requires that you set a sysctl
> > to enable unprivileged user namespaces, and RHEL requires you to set
> > both a sysctl and a kernel boot-flag. Also check how old your kernel is
> > (unprivileged user namespace support was added in 3.8).
>
> Just tried on a mainline kernel (4.15). Same problem:
>
> root@alphabox:~ unshare -U -r
> unshare: unshare(0x14000000): Invalid argument
> root@alphabox:/proc/sys/user cat max_user_namespaces
> 5922

What distribution are you using and which release? Also, are you trying
to do this inside a Docker container or something similar (Docker has
seccomp filters that block CLONE_NEWUSER by default, for instance).

-- 
Aleksa Sarai
Senior Software Engineer (Containers)
SUSE Linux GmbH
<https://www.cyphar.com/>
_______________________________________________
Containers mailing list
Containers@xxxxxxxxxxxxxxxxxxxxxxxxxx
https://lists.linuxfoundation.org/mailman/listinfo/containers
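
A diagnostic for the checks raised in this thread, added here as an example (it is not code from the message or from the list): it reads the `max_user_namespaces` limit shown above, the seccomp mode of the current process, and, as an assumption since the message does not name it, the Debian-specific `kernel.unprivileged_userns_clone` sysctl. The function name `diagnose_userns` and its `proc_root` parameter are hypothetical.

```python
import os

def diagnose_userns(proc_root="/proc"):
    """Return {check: (status, detail)} for settings that can make
    unshare(CLONE_NEWUSER) fail; proc_root allows a constructed procfs."""
    def read(rel):
        try:
            with open(os.path.join(proc_root, rel)) as fh:
                return fh.read().strip()
        except OSError:
            return None

    out = {}
    # A kernel with user namespace support exposes /proc/self/ns/user.
    if os.path.lexists(os.path.join(proc_root, "self/ns/user")):
        out["kernel_support"] = ("ok", "ns/user present")
    else:
        out["kernel_support"] = ("blocked", "no user namespace support")

    # max_user_namespaces: the limit shown in the thread; 0 disables creation.
    # unprivileged_userns_clone (assumed name): Debian-patched kernels only;
    # 0 blocks unprivileged callers (root is not affected by it).
    for name, rel in (("max_user_namespaces", "sys/user/max_user_namespaces"),
                      ("unprivileged_userns_clone",
                       "sys/kernel/unprivileged_userns_clone")):
        raw = read(rel)
        if raw is None:
            out[name] = ("unknown", "sysctl not present")
        elif raw == "0":
            out[name] = ("blocked", "set to 0")
        else:
            out[name] = ("ok", "set to " + raw)

    # Seccomp mode 0 means no filter; anything else may deny CLONE_NEWUSER.
    mode = None
    for line in (read("self/status") or "").splitlines():
        if line.startswith("Seccomp:"):
            mode = line.split(":", 1)[1].strip()
    if mode is None:
        out["seccomp"] = ("unknown", "no Seccomp field in status")
    elif mode == "0":
        out["seccomp"] = ("ok", "no seccomp filter")
    else:
        out["seccomp"] = ("suspect", "seccomp mode " + mode + " active")
    return out

if __name__ == "__main__":
    for check, (status, detail) in diagnose_userns().items():
        print("%-26s %-8s %s" % (check, status, detail))
```

A `suspect` seccomp result only says a filter is installed; whether it denies `CLONE_NEWUSER` depends on the profile the container runtime applied.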