On Fri, Jan 22, 2016 at 2:55 PM, Robert Święcki <robert@xxxxxxxxxxx> wrote:
> 2016-01-22 23:50 GMT+01:00 Kees Cook <keescook@xxxxxxxxxxxx>:
>
>>> Seems that Debian and some older Ubuntu versions are already using
>>>
>>> $ sysctl -a | grep usern
>>> kernel.unprivileged_userns_clone = 0
>>>
>>> Shall we be consistent with it?
>>
>> Oh! I didn't see that on systems I checked. On which version did you find that?
>
> $ uname -a
> Linux bc1 4.3.0-0.bpo.1-amd64 #1 SMP Debian 4.3.3-5~bpo8+1
> (2016-01-07) x86_64 GNU/Linux
> $ cat /etc/debian_version
> 8.2

Ah-ha, Debian only, though it looks like this was just committed to
the Ubuntu kernel tree too:

> IIRC some older kernels delivered with Ubuntu Precise were also using
> it (but maybe I'm mistaken)

I don't see it there.

I think my patch is more complete, but I'm happy to change the name if
this sysctl has already started to enter the global consciousness. ;)

Serge, Ben, what do you think?

-Kees

--
Kees Cook
Chrome OS & Brillo Security