Commit 1e1b8248 authored by Amos Wenger's avatar Amos Wenger

Introduce linox, SupportsUnprivilegedCloneNewUser

parent 74ec64ee
Pipeline #14224 passed with stage
in 5 minutes and 40 seconds
......@@ -5,13 +5,13 @@ import (
"syscall"
)
// SupportsUnprivilegedCloneNewuser returns true if
// SupportsUnprivilegedCloneNewUser returns true if
// the Linux kernel allows unprivileged users to call the clone()
// syscall with `CLONE_NEWUSER`.
// It is useful, for example to establish whether the Electron 5.0+ suid sandbox
// can be used, or if it needs to be disabled.
// cf. https://github.com/electron/electron/issues/17972
func SupportsUnprivilegedCloneNewuser() bool {
func SupportsUnprivilegedCloneNewUser() bool {
cmd := exec.Command("/bin/true")
cmd.SysProcAttr = &syscall.SysProcAttr{}
cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWUSER
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment