I am developing some AppArmor profiles, and came across the kernel flag unprivileged_userns_apparmor_policy, but I cannot find any documentation about it. Does anyone know what it does? I wonder if it might be helpful to me because I am writing AppArmor policies for apps that can use unprivileged user namespaces and I don't want those apps to be able to use a mount namespace to get around the AppArmor profile's file permission restrictions.
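As an added example (not part of the question or answer above), this is the kind of profile a defender would write for the stated goal of keeping a confined app from using an unprivileged user namespace plus a private mount namespace to re-map paths the file rules name. It assumes AppArmor 4.0 or newer (parser and kernel), where the `userns` rule type is recognised; the profile name, binary path and config directory are placeholders.

```apparmor
# Added example, not from the page. Assumes AppArmor 4.0+ syntax; on an older
# AppArmor the "deny userns," line is not understood and must be dropped.
abi <abi/4.0>,
include <tunables/global>

# Placeholder binary path; replace with the confined application.
profile sandboxed-app /usr/bin/sandboxed-app {
  include <abstractions/base>

  # The application's own executable and per-user configuration.
  /usr/bin/sandboxed-app mr,
  owner @{HOME}/.config/sandboxed-app/** rw,

  # Refuse creation of user namespaces, so the process never obtains
  # namespace-local CAP_SYS_ADMIN that mount(2) would otherwise require.
  deny userns,

  # Defence in depth: even inside a namespace, mount-related operations are
  # denied, so a private mount namespace cannot shadow the paths ruled on above.
  deny mount,
  deny umount,
  deny pivot_root,
}
```

Load it with `apparmor_parser -r` and exercise the app with the profile in complain mode first (`aa-complain`), watching `dmesg`/`/var/log/syslog` for `apparmor="DENIED"` entries on `userns` or `mount` before switching to enforce mode.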
1 Answer
This feature was added to the Ubuntu kernel and has not yet been implemented in the mainline Linux kernel. It is expected to make it into Linux 6.14 if all goes well.
- That’s all well and good, it doesn’t answer the question though… (Stephen Kitt, commented 2025-01-24 10:24)