Re: [oss-security] Re: Linux: Disabling network namespaces

2024-04-29 Thread John Johansen
On 4/19/24 12:01, nightmare.yea...@aceecat.org wrote:
> On Wed, Apr 17, 2024 at 09:52:10AM GMT, Georgia Garcia wrote:
>> I just wanted to add that in the Ubuntu Noble Numbat release we are using AppArmor to restrict unprivileged user namespaces. Applications that don't have an AppArmor profile wi

[oss-security] Re: Linux: Disabling network namespaces

2024-04-22 Thread Priedhorsky, Reid
> On Apr 21, 2024, at 6:00 AM, Simon McVittie wrote:
>
> bubblewrap doesn't rely on seccomp itself, because linking to libseccomp
> and compiling seccomp programs would be a concerning amount of attack
> surface for a program that is optionally setuid root, but it has options
> that can be us

[oss-security] Re: Linux: Disabling network namespaces

2024-04-19 Thread nightmare . yeah27
On Wed, Apr 17, 2024 at 09:52:10AM GMT, Georgia Garcia wrote:
> I just wanted to add that in the Ubuntu Noble Numbat release we are
> using AppArmor to restrict unprivileged user namespaces.
> Applications that don't have an AppArmor profile will use a default
> profile which denies the use of ca