One of the typical configurations in Linux is to turn off user namespaces and/or network namespaces. This is because most of the exploits in Linux have been related to namespace vulnerabilities.
If Firefox version 127.0.2 is running on Linux with the user namespace turned off, then the following is observed in the Troubleshooting Information, i.e. about:support:
Seccomp-BPF (System Call Filtering) true
Seccomp Thread Synchronisation true
User Namespaces for privileged processes true
User Namespaces false
Content Process Sandboxing true
Media Plugin Sandboxing true
So how come, with the user namespace turned off, the content process and media plugin are still sandboxed? Also, is having the user namespace turned off, as given above, a security risk?
However, if the network namespace is turned off, i.e. max_net_namespaces is set to zero, then it renders the browser unusable. Nothing works. Why is that?
Is there some documentation somewhere where these namespaces and their impact are explained in detail?