Anyone currently have a take on the #security concerns of #linux #kernel user #namespaces #usernamespaces? I have been rereading into it wondering whether enabling or disabling is the best approach. They seem rather insignificant with considerable surface area for attack, from my understanding. However, more applications check for/need them nowadays.

I think kernel #hardening advice is still to disable. Makes me wonder if should e.g. be considered only if #AppArmor / #SELinux is active.