-rw-r--r-- | manifests/lxc/unprivileged.pp | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/manifests/lxc/unprivileged.pp b/manifests/lxc/unprivileged.pp
index 6f187a5..d980192 100644
--- a/manifests/lxc/unprivileged.pp
+++ b/manifests/lxc/unprivileged.pp
@@ -9,12 +9,14 @@ class virtual::lxc::unprivileged {
 ensure => present,
 }
+ # Disabled, see https://www.debian.org/security/2017/dsa-4073
 file { "/etc/sysctl.d/80-lxc-userns.conf":
 owner => "root",
 group => "root",
 mode => '0644',
 ensure => present,
- content => "kernel.unprivileged_userns_clone=1\n",
+ #content => "kernel.unprivileged_userns_clone=!\n",
+ content => "kernel.unprivileged_userns_clone=0\n",
 }
 exec { "sysctl --system": |
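Review bot: The commented-out line `#content => "kernel.unprivileged_userns_clone=!\n",` does not match the value it replaces (`=1`), so anyone restoring it later would write a setting that sysctl cannot parse; either drop the line or keep it as `#content => "kernel.unprivileged_userns_clone=1\n",`. The new comment `# Disabled, see …` also reads as if the file resource were switched off, while the resource is still `ensure => present` and now actively sets the sysctl to 0, which presumably stops the unprivileged containers this class is named for. A comment along the lines of `# Unprivileged user namespaces are turned off as a mitigation for DSA-4073 (link); unprivileged LXC will not start while this is 0` would state the effect, and it should also name the condition for going back to 1. The `exec { "sysctl --system":` resource continues past the end of the hunk, so it is not visible here whether it is refreshed by this file; if it is not, running hosts keep the old value until the next reboot, which is worth confirming with `sysctl kernel.unprivileged_userns_clone` after the Puppet run.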