From 86a0a8aef3f80686f4371d1a439d92bccfeaea0a Mon Sep 17 00:00:00 2001
From: "B. Blechschmidt" <git@blechschmidt.io>
Date: Sun, 29 Dec 2024 12:34:01 +0100
Subject: [PATCH] Test with restricted unprivileged user namespaces

---
 .github/workflows/run-tests.yml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
index 1fd7527..90f35bf 100644
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -39,6 +39,13 @@ jobs:
           sudo ip6tables -P FORWARD ACCEPT
       #- name: Setup upterm session
       #  uses: lhotari/action-upterm@v1
+
+      # cf. https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
+      - name: Allow Unconfined NS
+        run: |
+          sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
+          sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+
       - name: Populate .env
         env:
           DOTENV: ${{ secrets.DOTENV }}