Package Details: linux-userns 4.13.6-1

Git Clone URL: https://aur.archlinux.org/linux-userns.git (read-only)
Package Base: linux-userns
Description: The Linux-userns kernel and modules with CONFIG_USER_NS enabled
Upstream URL: https://www.kernel.org/
Keywords: CONFIG_USER_NS user-ns
Licenses: GPL2
Submitter: anigeo
Maintainer: anigeo
Last Packager: anigeo
Votes: 16
Popularity: 0.372257
First Submitted: 2016-06-01 19:32
Last Updated: 2017-10-17 02:59

Pinned Comments

anigeo commented on 2016-11-02 05:12

To those who suffer gpg verification error, please make sure that you have add Linus Torvalds's and Greg Kroah-Hartman's public key in your gpg keyring, command in simple:

gpg --recv-keys 79BE3E4300411886 38DBBDC86092693E

Detail: https://www.kernel.org/category/signatures.html

anigeo commented on 2016-08-23 05:19

FYI, from Linux 4.7, the DEVPTS_MULTIPLE_INSTANCES configuration option is removed, so that when you do `lxc-checkconfig` and it's normal when it shows "Multiple /dev/pts instances" is missing, since the checkconfig script rely on the info in /proc/config.gz

More detail: https://patchwork.kernel.org/patch/8893241/

Latest Comments

fpqc commented on 2017-05-27 17:34

Hey, does anyone build this package on an unofficial repo by any chance?

ellric commented on 2017-01-11 10:05

@saildata is this package "save to use" again? concerning the vulnerability you pointed out on the 09th of December 2016?

saildata commented on 2016-12-09 12:50

@nerdix see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8655, http://www.itnews.com.au/news/dirty-cow-patched-as-another-nasty-linux-kernel-bug-surfaces-443963.

Luckily the Arch team has already patched it, along with other distros. If you read the article, it points out that the reasearcher who found it said, 'it should work for ANY DISTRO with USERNS'. Arch is one of the few among the top that disable it by default -- we have to stay up to date with the additional risks associated with this option.

This is the reason I maintain 2 distinct kernels (as I'm sure everyone here, who follows the PKGBUILD) does -- I found out about the issue yesterday and immediately switched over to the vanilla kernel.

@anigeo we should be good to go on 4.8.13-1; see https://git.archlinux.org/svntogit/packages.git/diff/trunk/PKGBUILD?h=packages/linux&id=940e837f7352bcc1b0e5d5104c8d90804c411541 if you think it's 'safer' to pull the patch instead of the testing kernel itself.

nerdix commented on 2016-11-24 08:18

Just beeing curious, why the user name spaces are not compiled into the Arch stock kernel?
What is the security impact? Almost all other distros ship their default kernel with this option compiled in...

asbachb commented on 2016-11-23 20:20

You can contact me for a pre built repo.

lockheed commented on 2016-11-23 16:47

Is there some repo with those packages precompiled?

LeonardK commented on 2016-11-19 15:14

Thanks for implementing the change!

LeonardK commented on 2016-11-18 10:13

the alpm-hook should be named differently (otherwise it conflicts with the core/linux package) and also the script inside should execute slightly other commands.

fpqc commented on 2016-11-18 04:54

The alpm hook in the pkgbuild is broken. It still points to mkinitcpio -p linux instead of mkinitcpio -p linux-userns. It also doesn't trigger because it doesn't look for writes to vmlinuz-linux-userns but instead still looks to vmlinuz-linux. Luckily, the actual work of making the mkinitcpio preset is already done (/etc/mkinitcpio.d/linux-userns).

You should replace the alpm hook in the pkgbuild with one as follows:
====
80-linux-userns.hook
====
[Trigger]
Type = File
Operation = Install
Operation = Upgrade
Target = boot/vmlinuz-linux-userns
Target = usr/lib/initcpio/*

[Action]
Description = Updating Arch Linux-UserNS initramfs image
When = PostTransaction
Exec = /usr/bin/mkinitcpio -p linux-userns

======

anigeo commented on 2016-11-02 05:12

To those who suffer gpg verification error, please make sure that you have add Linus Torvalds's and Greg Kroah-Hartman's public key in your gpg keyring, command in simple:

gpg --recv-keys 79BE3E4300411886 38DBBDC86092693E

Detail: https://www.kernel.org/category/signatures.html

All comments