Consider disabling unprivileged user namespaces?
Originally created by @intrigeri on #15725 (Redmine)
Some of the recent sandboxing improvements require unprivileged user namespaces to be enabled (+ some AppArmor tweaks): is the risk/benefit worth it?
Debian bug report where Debian's decision is being reconsidered: https://bugs.debian.org/898446
Related issues
- Related to #12213 (closed)
- Blocked by #15023 (closed)