Code: Select all
sudo touch /etc/sysctl.d/00-local-userns.conf
sudo echo kernel.unprivileged_userns_clone=1 > /etc/sysctl.d/00-local-userns.conf
sudo service procps restart
Now I just read:
on Arch Wiki Security/Sanboxing applications.Note: The user namespace configuration item CONFIG_USER_NS is currently enabled in linux (v4.14.5 or later), linux-lts (v4.14.15 or later) and linux-hardened. Lack of it may prevent certain sandboxing features from being made available to applications. Unprivileged usage is disabled by default unless the kernel.unprivileged_userns_clone sysctl is set to 1, since it greatly increases the attack surface for local privilege escalation.
Admittedly, I am at a loss as to determine if I have, by implementing the workaround, introduced a "security hole" in my system. The bolded (by me) statement above does sound a bit worrying.
I'll be grateful for any and all explanations/comments on this.