Commit 74ec64ee authored by Amos Wenger's avatar Amos Wenger

Introduce linox, SupportsUnprivilegedCloneNewUser

parent 92ed53dc
package linox
import (
"os/exec"
"syscall"
)
// SupportsUnprivilegedCloneNewuser returns true if
// the Linux kernel allows unprivileged users to call the clone()
// syscall with `CLONE_NEWUSER`.
// It is useful, for example to establish whether the Electron 5.0+ suid sandbox
// can be used, or if it needs to be disabled.
// cf. https://github.com/electron/electron/issues/17972
func SupportsUnprivilegedCloneNewuser() bool {
cmd := exec.Command("/bin/true")
cmd.SysProcAttr = &syscall.SysProcAttr{}
cmd.SysProcAttr.Cloneflags = syscall.CLONE_NEWUSER
if err := cmd.Run(); err != nil {
return false
}
return true
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment