Haelwenn /элвэн/ :triskell:@wolf480pl @quad Not entirely sure if it's not telling lies to userspace, like if you actually try:
$ USER=nobody HOME=/ /bin/unshare -U -p -m -f --mount-proc --keep-caps sh $ nft list ruleset Operation not permitted (you must be root) netlink: Error: cache initialization failed: Operation not permitted $ id uid=65534(nobody) gid=65534(nobody) groups=65534(nobody) $ dmesg dmesg: read kernel buffer failed: Operation not permitted $ nft list ruleset Operation not permitted (you must be root) netlink: Error: cache initialization failed: Operation not permitted $ zpool import -a cannot discover pools: permission deniedAnd for bwrap:
USER=root HOME=/root bwrap --unshare-user --uid 0 --gid 0 --bind / / /bin/sh /bin/sh: No controlling tty: open /dev/tty: Permission denied /bin/sh: warning: won't have full job control # cd /bin/sh: cd: /root: Permission denied # id uid=0(root) gid=0(root) groups=65534(nobody),0(root) # nft list ruleset Operation not permitted (you must be root) netlink: Error: cache initialization failed: Operation not permitted # dmesg dmesg: read kernel buffer failed: Operation not permitted # zpool import -a Permission denied the ZFS utilities must be run as root.
All GNU social JP content and data are available under the