[PATCH 1/3] capabilities: user namespace capabilities

[Eric W. Biederman]

Jonathan Calmels <jcalmels at 3xx0.net> writes:

> Attackers often rely on user namespaces to get elevated (yet confined)
> privileges in order to target specific subsystems (e.g. [1]). Distributions
> have been pretty adamant that they need a way to configure these, most of
> them carry out-of-tree patches to do so, or plainly refuse to enable
> them.

Pointers please?

That sentence sounds about 5 years out of date.

Eric