Skip to content
Commit 4c348157 authored by Simon McVittie's avatar Simon McVittie Committed by Alexander Larsson
Browse files

run: Block setns() 



If we don't allow unshare() or clone() with CLONE_NEWUSER, we also
shouldn't allow joining an existing (but different) namespace.

Partially fixes GHSA-67h7-w3jq-vh4q.

Signed-off-by: default avatarSimon McVittie <smcv@collabora.com>
parent 9766ee05
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment