Ubuntu Linux 23.10 Is Adding an Important New Security Feature
This has the potential to improve Linux desktop and container security significantly.
On October 12, 2023, Canonical will be releasing Ubuntu 23.10. This new version of Ubuntu Linux is already looking good. One new security feature, however, hasn't gotten much attention: Restricted unprivileged user namespaces, It should. This has the potential to significantly improve Linux desktop and container security.
But, what are "restricted unprivileged user namespaces," you ask? Well, let me start by explaining what "unprivileged user namespaces" are. They're a Linux kernel feature that was introduced in the Linux 3.8 kernel in 2019. The idea was to avoid the security problem caused by the Linux permission privilege model, which divides users into two groups: Normal users and superusers, aka root users. The problem is that when acting as a superuser, there's nothing you can't do. Burn the system to the ground? Sure! Go for it.
There are ways around this problem in this model, but the unprivileged user namespaces were an attempt to secure Linux by enabling administrators to set up sandboxes or containers where a normal user could act as a superuser inside a container to perform administrative tasks without being root on the master Linux system.