Recommendation is now to disable network namespaces to mitigate vulnerabilities due to their interaction with unprivileged user namespaces:
https://www.openwall.com/lists/oss-security/2024/04/14/1
That’s a sad outcome.
Incidentally, that’s another illustration that retrofitting namespaces in an ambient-authority monolithic kernel is tricky.
This is in contrast with the Hurd, where per-process views are an inherent part of the design.
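Added here as an illustration, not part of the original post or of the referenced oss-security thread: a small probe that an unprivileged process can run to check whether the combination the post warns about, a network namespace reached through an unprivileged user namespace, is still obtainable on the running Linux kernel. It assumes a Linux host with glibc; the function names and the errno-as-exit-status convention are this example's own. It also prints the mainline limits `user.max_user_namespaces` and `user.max_net_namespaces` from /proc for context, but the `unshare()` result is the authoritative answer, because distribution-specific knobs (Debian's `kernel.unprivileged_userns_clone`, AppArmor restrictions on Ubuntu) are not probed here.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks in case the headers were pulled in without _GNU_SOURCE. */
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
#ifndef CLONE_NEWNET
#define CLONE_NEWNET 0x40000000
#endif
extern int unshare(int flags);

/* Try unshare(flags) in a forked child so the caller's own namespaces stay
 * untouched. Returns 1 if the child entered the requested namespace(s),
 * 0 if the kernel refused (*err receives the child's errno), and -1 if the
 * probe itself could not run (fork failed or the child did not exit normally). */
int probe_unshare(int flags, int *err)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (unshare(flags) == 0)
            _exit(0);
        /* errno values are small, so they fit in the 8-bit exit status;
         * anything out of range is reported as 255 ("other error"). */
        _exit(errno > 0 && errno < 256 ? errno : 255);
    }
    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    if (WEXITSTATUS(status) == 0)
        return 1;
    if (err)
        *err = WEXITSTATUS(status);
    return 0;
}

/* 1 if this process can create a user namespace at all. */
int can_unshare_userns(int *err)
{
    return probe_unshare(CLONE_NEWUSER, err);
}

/* 1 if a user namespace plus a fresh network namespace can be obtained in one
 * step: the path the recommendation aims to close for unprivileged callers. */
int can_unshare_user_and_netns(int *err)
{
    return probe_unshare(CLONE_NEWUSER | CLONE_NEWNET, err);
}

/* Read an integer sysctl through /proc; -1 if the file is absent or unreadable. */
long read_proc_long(const char *path)
{
    FILE *f = fopen(path, "r");
    if (!f)
        return -1;
    long v;
    int n = fscanf(f, "%ld", &v);
    fclose(f);
    return n == 1 ? v : -1;
}

/* Map the usual refusal reasons to a short explanation. */
static const char *explain(int err)
{
    switch (err) {
    case EPERM:  return "EPERM (user namespaces disabled for unprivileged users, or CAP_SYS_ADMIN required)";
    case ENOSPC: return "ENOSPC (a user.max_*_namespaces limit is 0 or exhausted)";
    case EINVAL: return "EINVAL (namespace type not supported by this kernel)";
    default:     return "other error";
    }
}

int main(void)
{
    int err = 0;
    printf("user.max_user_namespaces = %ld\n",
           read_proc_long("/proc/sys/user/max_user_namespaces"));
    printf("user.max_net_namespaces  = %ld\n",
           read_proc_long("/proc/sys/user/max_net_namespaces"));

    int u = can_unshare_userns(&err);
    printf("unshare(CLONE_NEWUSER): %s\n",
           u == 1 ? "allowed" : u == 0 ? explain(err) : "probe failed");

    err = 0;
    int un = can_unshare_user_and_netns(&err);
    printf("unshare(CLONE_NEWUSER|CLONE_NEWNET): %s\n",
           un == 1 ? "allowed (mitigation NOT in effect)"
                   : un == 0 ? explain(err) : "probe failed");
    return un == 1 ? 1 : 0;
}
```

Run it as an ordinary user, not as root: a process holding CAP_SYS_ADMIN can create namespaces regardless of the unprivileged-user-namespace policy, so a root run says nothing about the mitigation. The exit status is 1 when the user-plus-network namespace combination is still reachable, which makes it usable from a hardening check script.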
Chirp! is a social network. It runs on GNU social, version 2.0.1-beta0, available under the GNU Affero General Public License.
All Chirp! content and data are available under the Creative Commons Attribution 3.0 license.