[PR #253] [CLOSED] Restrict unprivileged user namespace creation #275

New issue

Closed

opened 2026-03-03 14:30:28 +03:00 by kerem · 0 comments

kerem commented 2026-03-03 14:30:28 +03:00

Owner

Copy link

📋 Pull Request Information

Original PR: https://github.com/konstruktoid/hardening/pull/253
Author: @rhyme-sec
Created: 3/12/2023
Status: ❌ Closed

Base: master ← Head: patch-1

---

📝 Commits (1)

• 0899957 Restrict unprivileged user namespace creation

📊 Changes

1 file changed (+1 additions, -0 deletions)

View changed files

📝 misc/sysctl.conf (+1 -0)

📄 Description

This pull request adds the kernel.unprivileged_userns_clone = 1 option to the sysctl.conf configuration file. This option restricts the creation of unprivileged user namespaces, which helps to enhance the security of the system.

By enabling this option, we prevent unprivileged users from creating their own user namespaces, which could potentially be used to bypass security controls and access system resources that they would not normally have access to. This is especially important in environments where users have limited privileges but need to run untrusted or potentially malicious code.

---

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/konstruktoid/hardening/pull/253 **Author:** [@rhyme-sec](https://github.com/rhyme-sec) **Created:** 3/12/2023 **Status:** ❌ Closed **Base:** `master` ← **Head:** `patch-1` --- ### 📝 Commits (1) - [`0899957`](https://github.com/konstruktoid/hardening/commit/0899957830503b42d967dba32ae5fabbc23859f4) Restrict unprivileged user namespace creation ### 📊 Changes **1 file changed** (+1 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `misc/sysctl.conf` (+1 -0) </details> ### 📄 Description This pull request adds the `kernel.unprivileged_userns_clone = 1` option to the `sysctl.conf` configuration file. This option restricts the creation of unprivileged user namespaces, which helps to enhance the security of the system. By enabling this option, we prevent unprivileged users from creating their own user namespaces, which could potentially be used to bypass security controls and access system resources that they would not normally have access to. This is especially important in environments where users have limited privileges but need to run untrusted or potentially malicious code. --- _{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

kerem 2026-03-03 14:30:28 +03:00

• closed this issue
• added the
  pull-request
  label

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

renovate/github-codeql-action-4.x

v2.2.0

v2.1.0

v2.0.0

v1.0.0

v1.0

Labels

Clear labels   

Stale

  

bug

  

bug

  

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

Stale

bug

bug

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/hardening#275

No description provided.