Comment by eqvinox
15 hours ago
If you don't need it (rootless containers), you can disable unprivileged userns to block these two:
echo 1 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns
May also break sandboxes (e.g. browser) though.
No comments yet
Contribute on Hacker News ↗