You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently the sandboxed-api examples fail to build on systems that do not allow unprivileged processed to create user namespaces.
While few systems do not enable user namespaces entirely, some distributions and hardening recommendations restrict user ns to privileged processes.
Bubblewrap has solved this by providing an alternative suid binary that sets up the user namespace before dropping privileges, allowing this feature to work on systems with restricted user namespaces.
Currently, the use of sandboxed-api is not possible on hardened systems that do not allow unprivileged user namespaces.
Please allow at least a partial use of sandboxed-api on these hardened systems.
The text was updated successfully, but these errors were encountered:
Currently the sandboxed-api examples fail to build on systems that do not allow unprivileged processed to create user namespaces.
While few systems do not enable user namespaces entirely, some distributions and hardening recommendations restrict user ns to privileged processes.
Bubblewrap has solved this by providing an alternative suid binary that sets up the user namespace before dropping privileges, allowing this feature to work on systems with restricted user namespaces.
Currently, the use of sandboxed-api is not possible on hardened systems that do not allow unprivileged user namespaces.
Please allow at least a partial use of sandboxed-api on these hardened systems.
The text was updated successfully, but these errors were encountered: