[GH-ISSUE #1842] https://firejail.wordpress.com/support/#userns outdated #1250

Closed
opened 2026-05-05 07:43:37 -06:00 by gitea-mirror · 4 comments

Originally created by @polyzen on GitHub (Mar 27, 2018).
Original GitHub issue: https://github.com/netblue30/firejail/issues/1842

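Arch Linux has supported user namespaces in the `linux` package/s [since version `4.14.4-2`](https://git.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/linux&id=e42e6ffc6243370215eb33690b3c68f96f181cdb). The [bug](https://bugs.archlinux.org/task/36969) mentioned is closed.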


@Vincent43 commented on GitHub (Mar 27, 2018):

It's supported but still [disabled](https://wiki.archlinux.org/index.php/Security#Sandboxing_applications) by default. It's exactly what Debian has done for a long time.


@netblue30 commented on GitHub (Mar 27, 2018):

Thanks, I modified the web page. The problem was user namespace wasn't compiled in the kernel, so they put it in and disabled it. We can use it even if it is disabled.


@Fred-Barclay commented on GitHub (Mar 28, 2018):

@Vincent43 it's enabled for `root` though (or other similarly-privileged users), right? Since firejail uses SUID, is it able to use namespaces?
I did notice that I no longer get the `Warning: noroot option is not available` on Arch. I'm not sure if this is because namespaces are now compiled in but non-accessible to firejail, or if firejail is actually able to use them.


@Vincent43 commented on GitHub (Mar 28, 2018):

@Fred-Barclay yes, I should say "restricted" rather than "disabled". I have no idea if firejail uses namespaces when they're restricted to root. Maybe @netblue30 could clear that up for us. Also I read that privileged namespaces have no security value.

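Added example, not from the thread or the firejail project: a shell function that tells apart the states discussed above (user namespaces not compiled in, compiled in but restricted to privileged callers, or available to everyone). The procfs paths are kernel and distribution-patch interfaces that the thread does not name, and the `ROOT` argument is a hypothetical hook for running it against a constructed tree.

```shell
#!/bin/sh
# userns_state [ROOT]
# Classifies user-namespace support by reading procfs.
# ROOT (hypothetical testing hook) is a path prefix; leave it empty on a
# live system so the real /proc is read.
userns_state() {
    root="${1:-}"
    proc="$root/proc"

    # A kernel built with CONFIG_USER_NS exposes a "user" entry in each
    # process's ns directory. Without it, support is not compiled in.
    if [ ! -e "$proc/self/ns/user" ]; then
        echo "not-compiled"
        return 0
    fi

    # Upstream limit (Linux 4.9 and later): a value of 0 means no new
    # user namespaces can be created at all.
    max_file="$proc/sys/user/max_user_namespaces"
    if [ -r "$max_file" ] && [ "$(cat "$max_file")" = "0" ]; then
        echo "disabled"
        return 0
    fi

    # Distribution patch carried by Debian and Arch kernels: a value of 0
    # restricts namespace creation to privileged callers.
    clone_file="$proc/sys/kernel/unprivileged_userns_clone"
    if [ -r "$clone_file" ] && [ "$(cat "$clone_file")" = "0" ]; then
        echo "restricted"
        return 0
    fi

    echo "unrestricted"
}

# Report the state of the running system.
userns_state
```

A result of `restricted` corresponds to the "compiled in but limited to root" situation the commenters describe; `not-compiled` is the earlier Arch situation the support page referred to.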
Reference: github-starred/firejail#1250