Also worth noting that one of the first things any sandbox based on user
namespaces will do is *disabling* user namespaces. The programs using
them acknowledge them to be a huge security problem. It doesn't work out
well when only a subset of processes are running in that container env.

The only sane way to approach this without taking a different path is
implementing plumbing to only expose user namespaces to the sandbox
spawning executables. Kernel infrastructure exists for doing that
already. It just depends on whether anyone is willing to do any real
work vs. complaining about it and denying the facts.
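The sequence the first paragraph describes, as an added example that is not part of this message or of any sandbox project it refers to: a launcher takes a user namespace for itself and then, as its first act inside, makes sure nothing it spawns can create another one. Using a seccomp-bpf filter for that lockdown is an assumption made here (the message names no mechanism), as is the x86_64/aarch64 syscall argument layout the filter relies on; both are marked in the code.

```c
/* Added example (not the poster's code): a sandbox launcher that uses a
 * user namespace for itself, then installs a seccomp-bpf filter so that
 * nothing it spawns can create another one.  seccomp is an assumption
 * made for this example; the message names no mechanism. */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sched.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumption: little-endian ABI where clone()'s flags are argument 0. */
#if defined(__x86_64__)
#  define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#  define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#  error "add the AUDIT_ARCH_* value and check the clone() flag position for this architecture"
#endif

#ifndef __NR_clone3
#  define __NR_clone3 435          /* same number on every architecture */
#endif
#ifndef SECCOMP_RET_KILL_PROCESS
#  define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif

#define SC_ARCH  offsetof(struct seccomp_data, arch)
#define SC_NR    offsetof(struct seccomp_data, nr)
#define SC_ARG0  offsetof(struct seccomp_data, args[0])   /* low 32 bits on little-endian */
#define RET_ERRNO(e) (SECCOMP_RET_ERRNO | ((e) & SECCOMP_RET_DATA))

/* Filter: kill on an unexpected ABI, ENOSYS for clone3 (its flags sit in a
 * struct seccomp cannot read, so libc falls back to plain clone), EPERM for
 * unshare/clone carrying CLONE_NEWUSER, allow everything else. */
static struct sock_filter deny_userns_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_ARCH),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_NR),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone3, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, RET_ERRNO(ENOSYS)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_unshare, 1, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_clone, 0, 3),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_ARG0),
    BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, CLONE_NEWUSER, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, RET_ERRNO(EPERM)),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Step 1 (the sandbox's own use of the feature): move into a fresh user
 * namespace.  Returns 0, or -errno if the kernel or its config forbids it. */
int enter_user_namespace(void) {
    return unshare(CLONE_NEWUSER) == 0 ? 0 : -errno;
}

/* Step 2: from here on, this process and everything it spawns cannot
 * create further user namespaces.  Returns 0 or -errno. */
int deny_userns_creation(void) {
    struct sock_fprog prog = {
        .len = sizeof(deny_userns_filter) / sizeof(deny_userns_filter[0]),
        .filter = deny_userns_filter,
    };
    /* Required for unprivileged seccomp; also keeps setuid helpers from
     * regaining what the filter took away. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -errno;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0)
        return -errno;
    return 0;
}

/* Check: returns the errno a user-namespace creation now fails with
 * (EPERM once the filter is in place), or 0 if it unexpectedly succeeded. */
int probe_userns_blocked(void) {
    return unshare(CLONE_NEWUSER) == 0 ? 0 : errno;
}

int main(void) {
    int rc = enter_user_namespace();
    printf("enter user namespace: %s\n", rc == 0 ? "ok" : strerror(-rc));
    rc = deny_userns_creation();
    if (rc != 0) {
        fprintf(stderr, "seccomp install failed: %s\n", strerror(-rc));
        return 1;
    }
    printf("nested user namespace after lockdown: %s\n",
           strerror(probe_userns_blocked()));
    return 0;
}
```

Step 1 may itself fail with EPERM on hosts that already forbid unprivileged user namespaces; step 2 is what guarantees the same answer inside the sandbox regardless of the host setting. Answering clone3 with ENOSYS rather than EPERM matters: seccomp cannot inspect the flags clone3 passes by pointer, and ENOSYS is what makes libc retry through clone, where the CLONE_NEWUSER check applies.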
