From 3e325cca037c86b2315e14edc83e23dc54d8bf5d Mon Sep 17 00:00:00 2001
From: Mikaela Suomalainen <mikaela+git@mikaela.info>
Date: Wed, 12 Feb 2020 22:00:11 +0200
Subject: [PATCH] etc/sysctl.d: add 00-local-userns.conf with warnings/rant

---
 etc/sysctl.d/00-local-userns.conf | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 etc/sysctl.d/00-local-userns.conf

diff --git a/etc/sysctl.d/00-local-userns.conf b/etc/sysctl.d/00-local-userns.conf
new file mode 100644
index 00000000..f5c02a13
--- /dev/null
+++ b/etc/sysctl.d/00-local-userns.conf
@@ -0,0 +1,7 @@
+# A security hole required by at least by
+#  * Brave https://github.com/brave/brave-browser/issues/3420
+#  * IPFS Desktop https://github.com/ipfs-shipyard/ipfs-desktop/issues/1044
+#  * A lot of Electron apps? https://github.com/electron/electron/issues/17972
+#    Look for "The SUID sandbox helper binary was found, but is not configured correctly."
+# via https://superuser.com/a/1122977
+kernel.unprivileged_userns_clone=1