I’m not proficient in how the Linux kernel works. I’ve observed that nested namespaces are not allowed in Flatpak. Are we unable to trust the kernel for nested namespace usage due to the attack surface? As far as I know, there’s no issue with nested seccomp and nested landlock. However, nested namespaces are seen as a security concern, and I can’t understand why due to my ignorance. I would appreciate it if you could enlighten me.
Related topics
| Topic | Replies | Views | Activity | |
|---|---|---|---|---|
| Security problems with Flatpak Browsers (Firefox, Chromium), bubblejail, seccomp, user namespaces | 6 | 1606 | July 7, 2024 | |
| Confining user namespaces with SELinux | 4 | 359 | March 29, 2025 | |
| Hardened Fedora Atomic, Brainstorming | 0 | 546 | November 24, 2023 | |
| Flatpak, sandboxed repositories = privacy & security? | 1 | 153 | October 7, 2024 | |
| Sell me on Atomic, CoreOS, Flatpaks, and Containers | 42 | 1587 | November 4, 2024 |