Skip to content

Draft: Disable unprivileged userns and make bwrap setuid root

segfault requested to merge 15725-disable-unprivileged-userns into stable

A setuid bwrap binary is more secure than allowing unprivileged user namespaces and still good enough for sandboxing purposes.

Closes #15725

Edited by segfault

Merge request reports

Loading