
Kernel 5.15.97 with landlock and user-namespace

March 04, 2023 — BarryK

We discussed the "landlock" security feature in the forum:

https://forum.puppylinux.com/viewtopic.php?t=8023

Up until now, the kernel in Easy has left out user-namespace support due to some perceived security issue. Though, that is a vague concern, and after reading recently that Vivaldi needs that kernel feature when run non-root, I decided to enable it.

Namespaces support
[*] UTS namespace
[ ] TIME namespace
[*] IPC namespace
[*] User namespace CONFIG_USER_NS
[*] PID Namespaces
[*] Network namespace

Security options
[*] Landlock support CONFIG_SECURITY_LANDLOCK
(lockdown,yama,landlock) Ordered list of enabled LSMs CONFIG_LSM

Have not yet utilized landlock, that will be interesting.
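A way to confirm that a kernel build carries the settings listed above, as an added example that is not from the original post: Landlock only becomes active when it is both built in and named in the LSM list (CONFIG_LSM or an lsm= boot parameter), so the check covers both. The function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a kernel .config for the options named in this post.

# kconfig_value FILE SYMBOL -> prints the symbol's value with quotes stripped,
# or "n" when the symbol is absent or appears as "# SYMBOL is not set".
kconfig_value() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    val=${val#\"}; val=${val%\"}
    printf '%s\n' "${val:-n}"
}

# lsm_listed LIST NAME -> succeeds only if NAME is an exact comma-separated entry
lsm_listed() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# audit_kconfig FILE -> one line per finding; non-zero status on any failure
audit_kconfig() {
    rc=0
    for sym in CONFIG_USER_NS CONFIG_SECURITY_LANDLOCK; do
        v=$(kconfig_value "$1" "$sym")
        if [ "$v" = y ]; then echo "ok   $sym=y"; else echo "FAIL $sym=$v"; rc=1; fi
    done
    lsm=$(kconfig_value "$1" CONFIG_LSM)
    if lsm_listed "$lsm" landlock; then
        echo "ok   landlock in CONFIG_LSM ($lsm)"
    else
        echo "FAIL landlock missing from CONFIG_LSM ($lsm)"; rc=1
    fi
    return $rc
}

# Constructed sample configs (not taken from the EasyOS build)
make_samples() {
    SAMPLE_DIR=$(mktemp -d)
    printf '%s\n' 'CONFIG_USER_NS=y' 'CONFIG_SECURITY_LANDLOCK=y' \
        'CONFIG_LSM="lockdown,yama,landlock"' > "$SAMPLE_DIR/good.config"
    printf '%s\n' '# CONFIG_USER_NS is not set' 'CONFIG_SECURITY_LANDLOCK=y' \
        'CONFIG_LSM="lockdown,yama"' > "$SAMPLE_DIR/bad.config"
}

make_samples
audit_kconfig "$SAMPLE_DIR/good.config"
audit_kconfig "$SAMPLE_DIR/bad.config" || echo "bad.config: does not match the post"
```

On a running system the same function can be pointed at /boot/config-$(uname -r) or a decompressed copy of /proc/config.gz where the kernel provides one, and /sys/kernel/security/lsm shows the LSMs that are actually active.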

EDIT 2023-03-05:
Thanks to forum member ozsouth, who informed me that kernel 5.15.97 was superseded a few hours after release by 5.15.98, due to a bug discovered. Have compiled 5.15.98.
   
