Diffstat (limited to 'kernels/linux-libre-x86_64/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch')
-rw-r--r--kernels/linux-libre-x86_64/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch57
1 files changed, 0 insertions, 57 deletions
diff --git a/kernels/linux-libre-x86_64/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch b/kernels/linux-libre-x86_64/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
deleted file mode 100644
index f72b49a4e..000000000
--- a/kernels/linux-libre-x86_64/0002-ZEN-Add-CONFIG-for-unprivileged_userns_clone.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 52deaa0f77df6fdd3ae785cfdd21c0bb39247bed Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)" <jan.steffens@gmail.com>
-Date: Thu, 7 Dec 2017 13:50:48 +0100
-Subject: [PATCH 2/5] ZEN: Add CONFIG for unprivileged_userns_clone
-
-This way our default behavior continues to match the vanilla kernel.
----
- init/Kconfig | 16 ++++++++++++++++
- kernel/user_namespace.c | 4 ++++
- 2 files changed, 20 insertions(+)
-
-diff --git a/init/Kconfig b/init/Kconfig
-index 0e2344389501..96f76927710a 100644
---- a/init/Kconfig
-+++ b/init/Kconfig
-@@ -1013,6 +1013,22 @@ config USER_NS
-
- If unsure, say N.
-
-+config USER_NS_UNPRIVILEGED
-+ bool "Allow unprivileged users to create namespaces"
-+ default y
-+ depends on USER_NS
-+ help
-+ When disabled, unprivileged users will not be able to create
-+ new namespaces. Allowing users to create their own namespaces
-+ has been part of several recent local privilege escalation
-+ exploits, so if you need user namespaces but are
-+ paranoid^Wsecurity-conscious you want to disable this.
-+
-+ This setting can be overridden at runtime via the
-+ kernel.unprivileged_userns_clone sysctl.
-+
-+ If unsure, say Y.
-+
- config PID_NS
- bool "PID Namespaces"
- default y
-diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c
-index b2f8b5777670..aa27ecacfb1e 100644
---- a/kernel/user_namespace.c
-+++ b/kernel/user_namespace.c
-@@ -22,7 +22,11 @@
- #include <linux/sort.h>
-
- /* sysctl */
-+#ifdef CONFIG_USER_NS_UNPRIVILEGED
-+int unprivileged_userns_clone = 1;
-+#else
- int unprivileged_userns_clone;
-+#endif
-
- static struct kmem_cache *user_ns_cachep __read_mostly;
- static DEFINE_MUTEX(userns_state_mutex);
---
-2.22.0
-