From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <vseleznv@altlinux.org>
Date: Fri, 19 Nov 2021 14:10:44 +0000
From: "Vladimir D. Seleznev" <vseleznv@altlinux.org>
To: ALT Linux Team development discussions <devel@lists.altlinux.org>
Message-ID: <YZewZISd0kRcao6L@portlab>
References: <20211118143605.742f6370@tower>
 <779c0721-08a6-5728-d041-7beed2390594@basealt.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <779c0721-08a6-5728-d041-7beed2390594@basealt.ru>
Subject: Re: [devel] kernel.userns_restrict
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
 <mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Nov 2021 14:10:45 -0000
Archived-At: <http://lore.altlinux.org/devel/YZewZISd0kRcao6L@portlab/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>

On Fri, Nov 19, 2021 at 05:41:54PM +0400, Alexey Sheplyakov wrote:
> Ð—Ð´Ñ€Ð°Ð²ÑÑ‚Ð²ÑƒÐ¹Ñ‚Ðµ!
> 
> On 18.11.2021 15:36, Anton V. Boyarshinov wrote:
> > Ð”Ð¾Ð±Ñ€Ñ‹Ð¹ Ð´ÐµÐ½ÑŒ
> > 
> > ÐÐµÐºÐ¾Ñ‚Ð¾Ñ€Ð¾Ðµ Ð²Ñ€ÐµÐ¼Ñ Ð½Ð°Ð·Ð°Ð´ Ñ ÑÐ´ÐµÐ»Ð°Ð» Ð¾ÑˆÐ¸Ð±ÐºÑƒ Ð¿Ñ€Ð¸ git rebase Ð¸ Ð¿Ð¾Ñ‚ÐµÑ€ÑÐ» Ð·Ð½Ð°Ñ‡ÐµÐ½Ð¸Ðµ
> > Ð¿Ð¾ ÑƒÐ¼Ð¾Ð»Ñ‡Ð°Ð½Ð¸ÑŽ Ð´Ð»Ñ sysctl kernel.userns_restrict
> > 
> > ÐšÐ¾Ð³Ð´Ð° Ð¼Ð½Ðµ Ð¾Ð± ÑÑ‚Ð¾Ð¼ ÑÐ¾Ð¾Ð±Ñ‰Ð¸Ð»Ð¸, Ð²Ð¾ÑÐ¿Ñ€Ð¸Ð½ÑÐ» ÑÑ‚Ð¾ ÐºÐ°Ðº ÑÐµÑ€ÑŒÑ‘Ð·Ð½ÑƒÑŽ Ð¿Ñ€Ð¾Ð±Ð»ÐµÐ¼Ñƒ Ð²
> > Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑ‚Ð¸ Ð¸ Ð¿Ð¾Ð±ÐµÐ¶Ð°Ð» Ð¸ÑÐ¿Ñ€Ð°Ð²Ð»ÑÑ‚ÑŒ.
> 
> Ð¡ Ñ‚Ð¾Ð¹ Ð¶Ðµ ÑÑ‚ÐµÐ¿ÐµÐ½ÑŒÑŽ Ð¾Ð±Ð¾ÑÐ½Ð¾Ð²Ð°Ð½Ð½Ð¾ÑÑ‚Ð¸ "ÑÐµÑ€ÑŒÑ‘Ð·Ð½Ð¾Ð¹ Ð¿Ñ€Ð¾Ð±Ð»ÐµÐ¼Ð¾Ð¹" ÑÐ²Ð»ÑÐµÑ‚ÑÑ Ð½Ð°Ð»Ð¸Ñ‡Ð¸Ðµ ÑÐµÑ‚ÐµÐ²Ñ‹Ñ… Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹ÑÐ¾Ð².

ÐÑƒ, Ð½Ð°Ð¿Ñ€Ð¸Ð¼ÐµÑ€ Ñ Ñ€Ð°ÑÑÐ¼Ð°Ñ‚Ñ€Ð¸Ð²Ð°ÑŽ ÐºÐ°Ðº Ð¿Ñ€Ð¾Ð±Ð»ÐµÐ¼Ñƒ Ð½Ð°Ð»Ð¸Ñ‡Ð¸Ðµ Ð¼Ð¾Ð´ÑƒÐ»ÐµÐ¹ ÑÐµÑ‚ÐµÐ²Ñ‹Ñ…
Ð¸Ð½Ñ‚ÐµÑ€Ñ„ÐµÐ¹ÑÐ¾Ð² Ð² ÐºÐµÑ€Ð½ÐµÐ»ÑÐ¿ÐµÐ¹ÑÐµ, Ð½Ð¾, Ðº ÑÐ¾Ð¶Ð°Ð»ÐµÐ½Ð¸ÑŽ, Ð² Ð¾Ñ‚Ð»Ð¸Ñ‡Ð¸Ðµ Ð¾Ñ‚ Ð²Ñ‹ÑˆÐµÐ¾Ð¿Ð¸ÑÐ°Ð½Ð½Ð¾Ð¹
Ð¿Ñ€Ð¾Ð±Ð»ÐµÐ¼Ñ‹ ÐµÑ‘ ÑÐ»Ð¾Ð¶Ð½ÐµÐµ Ð¸ÑÐ¿Ñ€Ð°Ð²Ð¸Ñ‚ÑŒ.

> Ð˜ Ð¾Ñ‚ÐºÐ»ÑŽÑ‡Ð¸Ñ‚ÑŒ Ð¸Ñ… Ð¿Ð¾ ÑƒÐ¼Ð¾Ð»Ñ‡Ð°Ð½Ð¸ÑŽ Ð´Ð»Ñ Ð¿ÑƒÑ‰ÐµÐ¹ Ð±ÐµÐ·Ð¾Ð¿Ð°ÑÐ½Ð¾ÑÑ‚Ð¸. Ð Ð¼Ð¾Ð¶Ð½Ð¾ Ð¸ Ð²Ð¾Ð¾Ð±Ñ‰Ðµ ÐºÐ¾Ð¼Ð¿ÑŒÑŽÑ‚ÐµÑ€ Ð½Ðµ Ð²ÐºÐ»ÑŽÑ‡Ð°Ñ‚ÑŒ.
> Ð¢Ð°Ðº 100% Ð½Ð¸ Ð¾Ð´Ð¸Ð½ Ð·Ð»Ð¾Ð´ÐµÐ¹ Ð½Ðµ Ð¿Ñ€Ð¾Ð¹Ð´Ñ‘Ñ‚.
> 
> > Ð¢Ð°ÐºÐ¸Ð¼ Ð¾Ð±Ñ€Ð°Ð·Ð¾Ð¼, Ð½Ð°Ð¼ Ð² Ð»ÑŽÐ±Ð¾Ð¹ Ð´ÐµÑÐºÑ‚Ð¾Ð¿Ð½Ñ‹Ð¹ Ð´Ð¸ÑÑ‚Ñ€Ð¸Ð±ÑƒÑ‚Ð¸Ð² Ñ gtk3 Ð½ÐµÑ‡ÑƒÐ²ÑÑ‚Ð²Ð¸Ñ‚ÐµÐ»ÑŒÐ½Ð¾  Ð¿Ñ€Ð¸ÐµÐ·Ð¶Ð°ÐµÑ‚ kernel.userns_restrict=0
> 
> Ð˜ Ð¾Ñ‡ÐµÐ½ÑŒ Ñ…Ð¾Ñ€Ð¾ÑˆÐ¾, Ñ‡Ñ‚Ð¾ Ñ…Ð¾Ñ‚ÑŒ ÐºÐ°ÐºÐ¸Ð¼-Ñ‚Ð¾ Ð´Ð¸ÑÑ‚Ñ€Ð¸Ð±ÑƒÑ‚Ð¸Ð²Ð¾Ð¼ Ð¼Ð¾Ð¶Ð½Ð¾ Ð¿Ñ€ÑÐ¼Ð¾ Ð¸Ð· ÐºÐ¾Ñ€Ð¾Ð±ÐºÐ¸ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÑŒÑÑ.
> Ð Ð½Ðµ Ñ‡Ð¸Ð½Ð¸Ñ‚ÑŒ ÑÐ»Ð¾Ð¼Ð°Ð½Ð½Ð¾Ðµ Ð¸Ð·Ð»Ð¸ÑˆÐ½Ðµ Ñ‚Ñ€ÐµÐ²Ð¾Ð¶Ð½Ñ‹Ð¼Ð¸ Ð³Ñ€Ð°Ð¶Ð´Ð°Ð½Ð°Ð¼Ð¸.

ÐœÐ¾Ð¶ÐµÑ‚ Ñ‚Ð¾Ð³Ð´Ð° ÑÑ‚Ð¾Ð¸Ñ‚ Ð¿Ð¾Ð»ÑŒÐ·Ð¾Ð²Ð°Ñ‚ÑŒÑÑ Ð´Ð¸ÑÑ‚Ñ€Ð¸Ð±ÑƒÑ‚Ð¸Ð²Ð°Ð¼Ð¸, ÐºÐ¾Ñ‚Ð¾Ñ€Ñ‹Ðµ Ñ€Ð°Ð±Ð¾Ñ‚Ð°ÑŽÑ‚?

-- 
   WBR,
   Vladimir D. Seleznev