You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I've noticed due to #561 and previous commits in this discussion, my systems set NoNewPrivileges=no.
However, running Arch Linux with the hardened kernel 6.8.9-hardened1-1-hardened(linux-hardened) with Incus 6.3, modifying the generator still works for me with unprivileged containers:
The only problem option I can't set to true due to the hardened kernel is PrivateUsers which will result in the following error:
Failed to set up user namespacing: Operation not permitted
Failed at step USER spawning /foo: Operation not permitted
So the question is: Is there a way to disable the drop in for those security options and allow users to opt-in (possibly requiring trial-and-error) without having to delete the /etc/systemd/system-generators/lxc file on every new container?
The text was updated successfully, but these errors were encountered:
I've noticed due to #561 and previous commits in this discussion, my systems set
NoNewPrivileges=no.However, running Arch Linux with the hardened kernel
6.8.9-hardened1-1-hardened(linux-hardened) with Incus 6.3, modifying the generator still works for me with unprivileged containers:The only problem option I can't set to true due to the hardened kernel is
PrivateUserswhich will result in the following error:So the question is: Is there a way to disable the drop in for those security options and allow users to opt-in (possibly requiring trial-and-error) without having to delete the
/etc/systemd/system-generators/lxcfile on every new container?The text was updated successfully, but these errors were encountered: