alt Hacker NewsWhy does snap-confine need to be setuid, rather than use a user namespace?
Replies
curt15 • yesterday at 10:39 PM
Snap supports programs running as real root. Would those work with user namespaces?
cello305 • today at 12:05 AM
[dead]
Why does snap-confine need to be setuid, rather than use a user namespace?
Snap supports programs running as real root. Would those work with user namespaces?
[dead]
There are several reasons but at some point we can use user namespaces to remove them. I'm not particularly a HN person so I won't go into details but it's possible to drop the setuid bits sooner rather than later.