author | John <johnramsden@users.noreply.github.com> | 2018-01-19 13:43:18 -0800 |
---|---|---|
committer | Atomic Bot <atomic-devel@projectatomic.io> | 2018-01-19 23:10:19 +0000 |
commit | 30e5bbc45f6ba79f03899122d7a4c0b536104289 (patch) | |
tree | bf3989325ddebb098a0f7db69b793533da99b5da /README.md | |
parent | 7d1da19de2ba3015dd9ff2cbe68bb8e0ba52117c (diff) | |
download | flatpak-30e5bbc45f6ba79f03899122d7a4c0b536104289.tar.gz |
Update info on Arch user namespaces in README.md
As of linux kernel 4.14.5, user namespaces are enabled on Arch with the standard linux kernel.
User namespaces are disabled by default, but can be enabled with the
kernel.unprivileged_userns_clone sysctl.
More information regarding the change can be found in the Arch Linux bug report:
https://bugs.archlinux.org/task/36969
Closes: #1328
Approved by: cgwalters
Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 6 |
1 files changed, 2 insertions, 4 deletions
@@ -31,10 +31,8 @@ has a recent enough version of Bubblewrap already, you can use Bubblewrap can run in two modes, either using unprivileged user namespaces or setuid mode. This requires that the kernel supports this, -which some distributions disable. For instance, Arch completely -disables user namespaces, while Debian supports unprivileged user -namespaces, but only if you turn on the -`kernel.unprivileged_userns_clone` sysctl. +which some distributions disable. For instance, Debian and Arch +([linux](https://www.archlinux.org/packages/?name=linux) kernel v4.14.5 or later), support user namespaces with the `kernel.unprivileged_userns_clone` sysctl enabled. If unprivileged user namespaces are not available, then Bubblewrap must be built as setuid root. This is believed to be safe, as it is |
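Review bot: In the second added line, "support user namespaces with the `kernel.unprivileged_userns_clone` sysctl enabled" drops both the word "unprivileged" and the "but only if you turn on" wording of the removed lines, so the README no longer tells the reader that the sysctl is off by default, which is what the commit message says about Arch. Bubblewrap's non-setuid mode depends on unprivileged user namespaces specifically, so I would keep the original phrasing: "support unprivileged user namespaces, but only if you turn on the `kernel.unprivileged_userns_clone` sysctl". Two style points in the same sentence: the comma after the closing parenthesis separates the subject "Debian and Arch" from its verb "support" and should be dropped, and the second added line is far longer than the wrapped lines around it, so it should be re-wrapped to match the paragraph.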