| 1 |
On Sat, Jun 12, 2021 at 09:33:24PM +0100, Michael wrote |
| 2 |
> On Saturday, 12 June 2021 19:16:17 BST Walter Dnes wrote: |
| 3 |
|
| 4 |
> > * Messages for package www-client/google-chrome-91.0.4472.77: |
| 5 |
> > |
| 6 |
> > * USER_NS is required for sandbox to work |
| 7 |
> > * Please check to make sure these options are set correctly. |
| 8 |
> > * Failure to do so may cause unexpected problems. |
| 9 |
> > |
| 10 |
> > >>> Auto-cleaning packages... |
| 11 |
> |
| 12 |
> This involves the use of namespaces for sandboxing purposes and your |
| 13 |
> configuration to enable it in the kernel: |
| 14 |
> |
| 15 |
> $ grep USER_NS /usr/src/linux/.config |
| 16 |
> CONFIG_USER_NS=y |
| 17 |
> |
| 18 |
> More here: |
| 19 |
> |
| 20 |
> https://chromium.googlesource.com/chromium/src.git/+/refs/heads/main/docs/ |
| 21 |
> linux/sandboxing.md |
| 22 |
|
| 23 |
I use a different "search" method. In the "make menuconfig" menu, the |
| 24 |
top few lines state... |
| 25 |
|
| 26 |
======================================================================= |
| 27 |
Arrow keys navigate the menu. <Enter> selects submenus ---> (or empty |
| 28 |
submenus ----). Highlighted letters are hotkeys. Pressing <Y> |
| 29 |
includes, <N> excludes, <M> modularizes features. Press <Esc><Esc> to |
| 30 |
exit, <?> for Help, </> for Search. Legend: [*] built-in [ ] |
| 31 |
======================================================================= |
| 32 |
|
| 33 |
Note the bit about "</> for Search". So I press "/" and type in |
| 34 |
"USER_NS" or "CONFIG_USER_NS". It doesn't matter which, and it's not |
| 35 |
case-sensitive. Hitting {ENTER} gives a list of hits, with associated |
| 36 |
numbers. In this case, there's only one hit, with associated number |
| 37 |
"1", so I press "1". That takes me to the *EXACT LOCATION* in the whole |
| 38 |
"make menuconfig" layout where I need to press "Y" to enable it. Before |
| 39 |
doing so, I tabbed over to the <Help> for this item. It mentions... |
| 40 |
|
| 41 |
> When user namespaces are enabled in the kernel it is |
| 42 |
> recommended that the MEMCG option also be enabled and that |
| 43 |
> user-space use the memory control groups to limit the amount |
| 44 |
> of memory a memory unprivileged users can use. |
| 45 |
|
| 46 |
So I... |
| 47 |
* <Exit> the help |
| 48 |
* tap "Y" to enable "CONFIG_USER_NS" |
| 49 |
* <Exit> out of the "Namespaces Support" menu |
| 50 |
* <Exit> out of the "Search Results" |
| 51 |
|
| 52 |
This take me back to "make menuconfig" "base level". From there I |
| 53 |
repeat the process for "MEMCG" (or "CONFIG_MEMCG") upper/lower case is OK. |
| 54 |
|
| 55 |
-- |
| 56 |
Walter Dnes <waltdnes@××××××××.org> |
| 57 |
I don't run "desktop environments"; I run useful applications |
Archives