Does setting a value other than 0 for the max_user_namespaces involve a security problem?

Post by bioinfornatics » 2020/11/06 15:35:55

Dear,

I use the official CentOS 7 image provided from Docker Hub

Code:

Using Docker executor with image centos:7 ...
Pulling docker image centos:7 ...

And recently I tried to use podman and I got this error while building a container:

Code:

Error during unshare(CLONE_NEWUSER): Operation not permitted
User namespaces are not enabled in /proc/sys/user/max_user_namespaces.

To my understanding I have to turn on this feature, something like:

Code:

sysctl -w user.max_user_namespaces=15000

But what is the security implication of doing this?
Why is it set to zero by default?

Thanks

Best regards

Re: Does setting a value other than 0 for the max_user_namespaces involve a security problem?

Post by aks » 2020/11/06 18:15:27

No (IMO) it doesn't. What you do with these namespaces does.
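
An added example, not part of the original posts: a small shell audit that reads the limit discussed above and counts how many distinct user namespaces running processes actually occupy, which is a quick way to see what is being done with them. The function names and the optional proc-root argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit user-namespace configuration and usage.
# The optional first argument (a proc root) is an assumption of this
# example so the functions can be pointed at a constructed tree;
# on a real host it defaults to /proc.

# Print the configured limit, or "unknown" if the sysctl file is absent.
userns_limit() {
    f="${1:-/proc}/sys/user/max_user_namespaces"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        echo unknown
    fi
}

# Print the number of distinct user namespaces that visible processes
# live in. Each /proc/<pid>/ns/user is a symlink such as
# "user:[4026531837]"; processes in the same namespace share a target.
# The initial namespace is included, so a host with no extra user
# namespaces reports 1. Unreadable entries are skipped.
userns_in_use() {
    root="${1:-/proc}"
    for link in "$root"/[0-9]*/ns/user; do
        readlink "$link" 2>/dev/null || true
    done | sort -u | grep '^user:' | wc -l | tr -d ' '
}

# One-line summary suitable for a log or a monitoring check.
userns_report() {
    root="${1:-/proc}"
    limit=$(userns_limit "$root")
    used=$(userns_in_use "$root")
    case "$limit" in
        0)       state="disabled" ;;
        unknown) state="unknown" ;;
        *)       state="enabled" ;;
    esac
    echo "state=$state limit=$limit distinct_userns=$used"
}
```

Calling `userns_report` with no argument inspects the live /proc; run it as root to see the namespaces of all processes.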
