mirror of
https://git.launchpad.net/livecd-rootfs
synced 2025-10-18 02:24:06 +00:00
17 lines
832 B
Plaintext
17 lines
832 B
Plaintext
# AppArmor restrictions of unprivileged user namespaces
|
|
|
|
# Allows to restrict the use of unprivileged user namespaces to applications
|
|
# which have an AppArmor profile loaded which specifies the userns
|
|
# permission. All other applications (whether confined by AppArmor or not) will
|
|
# be denied the use of unprivileged user namespaces.
|
|
#
|
|
# See
|
|
# https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_userns_restriction
|
|
# https://gitlab.com/apparmor/apparmor/-/wikis/unprivileged_unconfined
|
|
#
|
|
# If it is desired to disable this restriction, it is preferable to create an
|
|
# additional file named /etc/sysctl.d/20-apparmor.conf which will override this
|
|
# current file and sets this value to 0 rather than editing this current file
|
|
kernel.apparmor_restrict_unprivileged_userns = 0
|
|
kernel.apparmor_restrict_unprivileged_unconfined = 1
|