Commit 4c34815

smcv authored and alexlarsson committed
run: Block setns()

If we don't allow unshare() or clone() with CLONE_NEWUSER, we also shouldn't allow joining an existing (but different) namespace.

Partially fixes GHSA-67h7-w3jq-vh4q.

Signed-off-by: Simon McVittie <smcv@collabora.com>
1 parent 9766ee0 commit 4c34815

1 file changed, +1 -0 lines changed

Diff for: common/flatpak-run.c

@@ -2932,6 +2932,7 @@ setup_seccomp (FlatpakBwrap *bwrap,
29322932

29332933
/* Don't allow subnamespace setups: */
29342934
{SCMP_SYS (unshare), EPERM},
2935+
{SCMP_SYS (setns), EPERM},
29352936
{SCMP_SYS (mount), EPERM},
29362937
{SCMP_SYS (pivot_root), EPERM},
29372938
#if defined(__s390__) || defined(__s390x__) || defined(__CRIS__)
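
Review bot: The comment above the added line, "Don't allow subnamespace setups:", does not describe setns(), which joins an existing namespace rather than setting one up; suggest widening it to something like "Don't allow creating or joining other namespaces" so the next reader understands why `{SCMP_SYS (setns), EPERM},` belongs in this group. The rule also denies setns() for every namespace type, while the commit message argues only from CLONE_NEWUSER. That is consistent with the unconditional unshare rule directly above it, but it is worth stating in the comment or the message that the blanket deny is intentional. Nothing in this change exercises the new rule; a test that calls setns() inside the sandbox and expects EPERM would guard against the entry being dropped later.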
