Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Security Concern - why is it necessary to enable kernel.unprivileged_userns_clone?
See original GitHub issueDuring installation on Debian Buster an error comes up prompting me with the following
user@machine:~/mnt2/samples$ ./daedalus-1.1.0-mainnet-12849.bin
Run the following to enable unprivileged namespace use:
sudo bash -c "sysctl -w kernel.unprivileged_userns_clone=1 ; echo kernel.unprivileged_userns_clone=1 > /etc/sysctl.d/nix-user-chroot.conf"
A quick google gives this security exchange answer which doesn’t clear things up or inspire confidence.
Further googling takes me to your installation instructions which gloss over these commands and don’t inform me why you need them.
Additionally it isn’t clear if these settings are required permanently or can be re enabled after installation.
So if possible could you clarify these points for me:
- Is this a safe operation that will not open me up to kernel vulnerabilities
- Why are these needed?
- Can I disable them afterwards?
Thanks!
Issue Analytics
- State:
- Created 3 years ago
- Reactions:9
- Comments:22 (10 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
I quite dislike the combination of a cryptocurrency wallet and unprivileged namespace, or am I just the paranoid one here?
+1. Some explanation would be useful please. Guess I try virtualisation next. Probably build from source to choose installation directories too. Most likely I just lack the knowledge, and documentation, but I did search. Thanks for all efforts.