Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
run: Block setns()
If we don't allow unshare() or clone() with CLONE_NEWUSER, we also shouldn't allow joining an existing (but different) namespace. Partially fixes GHSA-67h7-w3jq-vh4q. Signed-off-by: Simon McVittie <smcv@collabora.com>
- Loading branch information