2016-01-22 23:50 GMT+01:00 Kees Cook <keescook@xxxxxxxxxxxx>: >> Seems that Debian and some older Ubuntu versions are already using >> >> $ sysctl -a | grep usern >> kernel.unprivileged_userns_clone = 0 >> >> Shall we be consistent wit it? > > Oh! I didn't see that on systems I checked. On which version did you find that? $ uname -a Linux bc1 4.3.0-0.bpo.1-amd64 #1 SMP Debian 4.3.3-5~bpo8+1 (2016-01-07) x86_64 GNU/Linux $ cat /etc/debian_version 8.2 IIRC some older kernels delivered with Ubuntu Precise were also using it (but maybe I'm mistaken) -- Robert Święcki -- To unsubscribe from this list: send the line "unsubscribe linux-doc" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
