mirror of
https://gitlab.com/apparmor/apparmor.git
synced 2025-03-04 08:24:42 +01:00
789cda2f08
Unprivileged user namespace creation is allowed an will result in a transition into the unprivileged_userns profile. The unprivileged_userns profile with then deny all capabilities within the profile. Execution of applications is allowed within the unprivileged_userns profile but, they will result in a stack with the unprivileged_userns profile, that is to say the unprivileged_userns profile can not be dropped (capabilities can not be gained). If the unprivileged_userns profile does not exist, unprivileged user namespace creation is denied as before. Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com> |
||
|---|---|---|
| .. | ||
| apparmor/profiles/extras | ||
| apparmor.d | ||
| Makefile | ||