Package: wnpp Severity: wishlist Owner: Nicolas Schier <nico...@fjasle.eu>
* Package name : overlay-userns Version : 0.4 Upstream Author : Nicolas Schier <nico...@fjasle.eu> * URL : https://rocketgit.com/user/nicolas/overlay-userns-dkms * License : GPL Programming Lang: C Description : Overlay mounting in user namespaces (DKMS) This DKMS package enables overlay file system mounts within user namespaces. Please be aware that this induces a security risk and thus cannot be recommended in general. Overlay file system is considered to be a security risk when it would be allowed to be used within user namespaces. The utilisation of unprivileged Linux containers in combination with overlay-based snapshotting is thus not possible by default. The 'lxc' provides unpriviledged LXC snapshot support by using overlay within user namespaces, which is currently only enabled in Ubuntu Linux kernels. When unpriviledged overlay LXCs are required on Debian systems, this package provides an alternative to a manually patched and built Linux kernel. Personally, I use that DKMS module at work, as I have to stick to unpriviledged LXCs but still would like to run a Debian kernel rather than a manually patched and updated one. I know that patching the runtime kernel is quite dirty, and I am expecting that this technique is not possible in the far future, but right now (and since the last two years) it worked quite fine on a few machines. As I am not an official Debian Maintainer, I do need a sponsor for the package. I am going to push the Debian stuff into a personal salsa repository (nsc-guest/overlay-userns); iff the package gets sponsored, moving to an official Debian salsa repo would be great. Kind regards, Nicolas
