Hi,

On Thu, 12 Jun 2025 at 16:13, Ludovic Courtès <[email protected]> wrote:

>> But disabling the apparmor with
>>   sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0
>> does work, although not ideal.
>
> Thanks for confirming.
>
> Perhaps you can instead get away with:
>
>   sysctl kernel.apparmor_restrict_unprivileged_userns off
>
> as discussed in <https://issues.guix.gnu.org/77296>.
>
> I spent hours trying to come up with an AppArmor profile for ‘guix shell
> -C’ in <https://issues.guix.gnu.org/71226>, but now we also need
> something for the unprivileged daemon.

Well, maybe all this could be tracked by an issue, if not already the
case.

I mean, the description of the issue appears worthwhile to me, and the
current dirty fix too, and also these links to previous work on the
topic. An issue would make it easier to redirect Ubuntu users when they
hit the issue, and maybe one will be motivated to fix it for good. :-)

WDYT?

Cheers,
simon
