Diffstat (limited to 'debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch')
-rw-r--r-- | debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch b/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
index 205510d6b..32d158cc2 100644
--- a/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
+++ b/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
@@ -18,7 +18,7 @@ Index: linux/kernel/fork.c
===================================================================
--- linux.orig/kernel/fork.c
+++ linux/kernel/fork.c
-@@ -108,6 +108,11 @@
+@@ -110,6 +110,11 @@
#define CREATE_TRACE_POINTS
#include <trace/events/task.h>
@@ -30,7 +30,7 @@ Index: linux/kernel/fork.c
/*
* Minimum number of threads to boot the kernel
-@@ -2008,6 +2013,10 @@ static __latent_entropy struct task_stru
+@@ -2265,6 +2270,10 @@ static __latent_entropy struct task_stru
if ((clone_flags & (CLONE_NEWUSER|CLONE_FS)) == (CLONE_NEWUSER|CLONE_FS))
return ERR_PTR(-EINVAL);
@@ -41,7 +41,7 @@ Index: linux/kernel/fork.c
/*
* Thread groups must share signals as well, and detached threads
* can only be started up within the thread group.
-@@ -3166,6 +3175,12 @@ int ksys_unshare(unsigned long unshare_f
+@@ -3411,6 +3420,12 @@ int ksys_unshare(unsigned long unshare_f
if (unshare_flags & CLONE_NEWNS)
unshare_flags |= CLONE_FS;
@@ -58,7 +58,7 @@ Index: linux/kernel/sysctl.c
===================================================================
--- linux.orig/kernel/sysctl.c
+++ linux/kernel/sysctl.c
-@@ -136,6 +136,10 @@ static enum sysctl_writes_mode sysctl_wr
+@@ -135,6 +135,10 @@ static enum sysctl_writes_mode sysctl_wr
int sysctl_legacy_va_layout;
#endif
@@ -69,7 +69,7 @@ Index: linux/kernel/sysctl.c
#endif /* CONFIG_SYSCTL */
/*
-@@ -1659,6 +1663,15 @@ static struct ctl_table kern_table[] = {
+@@ -1623,6 +1627,15 @@ static struct ctl_table kern_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec,
},
@@ -96,6 +96,6 @@ Index: linux/kernel/user_namespace.c
+/* sysctl */
+int unprivileged_userns_clone = 1;
+
- static struct kmem_cache *user_ns_cachep __read_mostly;
+ static struct kmem_cache *user_ns_cachep __ro_after_init;
static DEFINE_MUTEX(userns_state_mutex);
|
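Review bot: The context line `+int unprivileged_userns_clone = 1;` initialises the sysctl to 1 while the patch file is still named "disallow-unprivileged-CLONE_NEWUSER-by-default", so the name and the shipped default appear to disagree; the check that consumes this value is not in any hunk here, so which value is the restrictive one cannot be confirmed from this diff. This refresh only moves hunk offsets and swaps the `__read_mostly` context line for `__ro_after_init`, so it is the natural place to make the default explicit rather than leave readers to infer it from the file name. I would add a one-line comment above the initialiser stating what 0 and 1 mean for user-namespace creation by non-CAP_SYS_ADMIN tasks and which value Debian ships, and mention the same in the patch's description header, so the exposed attack-surface decision is documented where it is made. The earlier hunks in this file (kernel/fork.c and kernel/sysctl.c context) carry the same offsets-only character and need no further comment.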