Linux-hardened and Flatpak, Distrobox, Podman, Docker
Hi guys!
I am currently trying Arch in a VM and I like it a lot. Wanted to try the hardened kernel all the time, but it has the problem of forbidding custom namespaces.
Tbh I dont even know what that is, but on arch, installing bubblewrap-suid fixes the flatpak problem.
I could not find such a package for Podman, which is used as backend (?) in Distrobox.
Is there a way to make Podman, Docker, Distrobox, Toolbox work on linux-hardened?
This is a big requirement for making a Fedora Atomic version using the hardened kernel, which sounds great, as they completely rely on these containers.
You are viewing a single comment
Tools like Podman, Docker, Distrobox and Toolbox use custom uid namespaces. I don’t see how they could work with them disabled.
With a specific exception only for one software. I would be happy with Flatpak and Podman. Maybe Waydroid and wine too though?
Wine should just work.
Waydroid needs extra support from the kernel that linux-hardend has disabled at compile time. There's a DKMS solution however.
This one? it doesnt mention the hardened kernel at all, is this some obsolete modification not needed in modern Kernels?
binder_linux-dkms
It's an Android thing.
Crazy that it just works on Fedora
That just means they have the feature enabled at compile time. Linux-Zen is the only kernel that has it on Arch.