apparmor: add user namespace creation mediation - wireguard-linux

diff options

author	John Johansen <john.johansen@canonical.com>	2022-09-09 16:00:09 -0700
committer	John Johansen <john.johansen@canonical.com>	2023-10-18 15:49:02 -0700
commit	fa9b63adabcfa9b724120ef3352cf6fb82b4b9a5 (patch)
tree	dc093ea12c7ae548e981bc1f675d7f974a6366f0 /tools/testing/ktest/examples/include/ssh:/git@git.zx2c4.com
parent	apparmor: allow restricting unprivileged change_profile (diff)

apparmor: add user namespace creation mediation

Unprivileged user namespace creation is often used as a first step in privilege escalation attacks. Instead of disabling it at the sysrq level, which blocks its legitimate use as for setting up a sandbox, allow control on a per domain basis. This allows an admin to quickly lock down a system while also still allowing legitimate use. Reviewed-by: Georgia Garcia <georgia.garcia@canonical.com> Signed-off-by: John Johansen <john.johansen@canonical.com>

Diffstat (limited to 'tools/testing/ktest/examples/include/ssh:/git@git.zx2c4.com')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: