Some sysctls are modifiable in a user namespace, some are not. We should have the list of such sysctls.
This work is hard, but the list of sysctls that cannot even be read can be easily identified:
$ uname -a
Linux suda-ws01 5.11.0-17-generic #18-Ubuntu SMP Thu May 6 20:10:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
$ unshare -rminpCTf --mount-proc sysctl -a >/dev/null
sysctl: permission denied on key 'fs.protected_fifos'
sysctl: permission denied on key 'fs.protected_hardlinks'
sysctl: permission denied on key 'fs.protected_regular'
sysctl: permission denied on key 'fs.protected_symlinks'
sysctl: permission denied on key 'kernel.apparmor_display_secid_mode'
sysctl: permission denied on key 'kernel.cad_pid'
sysctl: permission denied on key 'kernel.unprivileged_userns_apparmor_policy'
sysctl: permission denied on key 'kernel.usermodehelper.bset'
sysctl: permission denied on key 'kernel.usermodehelper.inheritable'
sysctl: permission denied on key 'vm.mmap_rnd_bits'
sysctl: permission denied on key 'vm.mmap_rnd_compat_bits'
sysctl: permission denied on key 'vm.stat_refresh'
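The issue only lists the keys that cannot be read; the harder question is which keys a user namespace can write. The script below is an added example and is not code from the issue or its project. It reuses the issue's `unshare -rminpCTf --mount-proc` invocation (`-T` needs a kernel with time namespaces, 5.6+), parses the `sysctl: permission denied on key '...'` lines the issue quotes, and, instead of writing to `/proc/sys`, classifies every key by what `test -r` / `test -w` (access(2), which goes through the kernel's `/proc/sys` permission check) report for root inside the fresh namespace. The file name `sysctl-userns.sh` and the `probe`/`run` arguments are assumptions for the re-exec pattern.

```shell
#!/bin/sh
# Added example, not from the issue. Assumes util-linux `unshare` with user
# namespace support and a kernel that allows unprivileged user namespaces.
# Usage: sh sysctl-userns.sh run       (file name is an assumption)

# /proc/sys/fs/protected_fifos -> fs.protected_fifos
path_to_key() {
    printf '%s\n' "${1#/proc/sys/}" | tr '/' '.'
}

# Parse procps sysctl's "permission denied on key '...'" diagnostics (the
# stderr lines quoted in the issue) from stdin into sorted, unique key names.
# Reproduces the issue's list with:
#   unshare -rminpCTf --mount-proc sysctl -a 2>&1 >/dev/null | denied_keys
denied_keys() {
    sed -n "s/^sysctl: permission denied on key '\([^']*\)'.*/\1/p" | LC_ALL=C sort -u
}

# Print "<key> <r|-><w|->" for every file under /proc/sys as seen by the
# calling process. test -r / test -w use access(2), so nothing is written
# and the kernel's own sysctl permission check decides the answer.
probe_proc_sys() {
    find /proc/sys -type f 2>/dev/null | LC_ALL=C sort | while read -r f; do
        r=-; w=-
        [ -r "$f" ] && r=r
        [ -w "$f" ] && w=w
        printf '%s %s%s\n' "$(path_to_key "$f")" "$r" "$w"
    done
}

# Filters over probe output on stdin.
unreadable_keys() { awk '$2 == "--" { print $1 }'; }   # the issue's list
readonly_keys()   { awk '$2 == "r-" { print $1 }'; }   # visible but not modifiable
writable_keys()   { awk '$2 == "rw" { print $1 }'; }   # modifiable in the userns

# Re-exec this script inside a fresh user namespace (same flags as the issue)
# and summarise what root in that namespace can do.
probe_in_userns() {
    out=$(unshare -rminpCTf --mount-proc sh "$0" probe) || return 1
    echo "## unreadable"; printf '%s\n' "$out" | unreadable_keys
    echo "## read-only";  printf '%s\n' "$out" | readonly_keys
    echo "## writable";   printf '%s\n' "$out" | writable_keys
}

case "${1:-}" in
    probe) probe_proc_sys ;;    # inner invocation, runs inside the namespace
    run)   probe_in_userns ;;   # outer invocation
esac
```

Two caveats when reading the output. access(2) reflects the VFS and namespace permission checks (for example the ownership and mode rewriting the kernel applies to `net.*` keys in a non-initial network namespace), but not a proc handler that rejects a particular value, so a key reported `rw` should be confirmed with a real write before being relied on. Do that manually, writing back the current value (`sysctl -w key="$(sysctl -n key)"`), and skip keys whose write is an action rather than a setting, such as `vm.drop_caches`, `vm.compact_memory` and the `vm.stat_refresh` key from the issue's list.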