Another vulnerability where the suggested mitigation is “turn off unprivileged user namespaces”:

It sounds as though those retrofitted namespaces will never be trustworthy. Back in 2017 I was blissfully hoping we’d soon see unprivileged user namespaces enabled everywhere:


@mpjgregoire can cross-build a whole Guix System for GNU/Hurd, run it as a “childhurd” (VM), and from there you can use Guix natively. So I’d say it’s a major milestone. :-)

