Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
core: add new RestrictNamespaces= unit file setting #4536
This new setting permits restricting whether namespaces may be created and
RestrictNamespaces=no is the default, and does not restrict namespaces in any
This setting should be improve security quite a bit as in particular user
(This could be delayed for v233, but otoh hand is pretty self-contained, might be good enough for v232, too)
Looks good, and as a you wrote, this is pretty self-contained. But I think it'd be better to leave this for the next cycle, to give a chance to test this and shake out any wrinkles. If we merge this now, it'll be released without nay wider testing.
I have force pushed a new version now, and fixed the issues pointed out, except for the naming of the option and semantics thing you raised... I am note quite sure what the best approach here is on that... I see your point, but I don't like AllowXYZ= (i.e. an option that defaults to on) either...
Any more suggestions or ideas?
For an alternative idea, from the peanut gallery:
This looks good code-wise, so let's merge. Thorough testing is advised ;)