Re: Linux: Disabling network namespaces

Re: Linux: Disabling network namespaces

Open Source Security [[{„value“:“

Posted by Solar Designer on Apr 20

Thank you. So with my idea/proposal, someone using these tools on a
desktop system would need to set the max depth to 1. That would leave
the kernel’s full attack surface exposed on the host system, but not to
sandboxed programs because those would run with capabilities already
relinquished (per what you write above) and would not be able to regain
them by creating a nested namespace. Sounds like a worthwhile feature?

Does bubblewrap…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert