On tor, 2015-05-28 at 22:31 +0200, Alexander Larsson wrote:
> I just pushed some changes to make xdg-app use user namespaces, which
> means it does not require any elevated permissions like setuid or
> setcap.
>
> I need to do some more testing on it to make sure nothing broke, but it
> seems to work for me.
>
> However, there is an issue with some 4.0.x kernels, where it causes a
> panic. For fedora this is fixed in the 4.0.4-302 kernel (and it works
> with previous 3.19 kernels). If you want to test this, make sure you
> have a new enough or old enough kernel.
I added back the old setuid implementation if you pass --disable-userns
to configure, since some old distros don't have user namespaces.
However, my recommendation is for everyone that can to use the user
namespace implementation, it is less risky as there are no increased
privileges needed.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
[email protected] [email protected]
He's a deeply religious crooked vampire hunter who dotes on his loving
old ma. She's a mentally unstable red-headed research scientist with a
song in her heart and a spring in her step. They fight crime!
_______________________________________________
gnome-os-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/gnome-os-list
