Tested: the sysctl values can now be read by a non-root user.
** Tags removed: verification-needed-mantic-linux
** Tags added: verification-done-mantic-linux

https://bugs.launchpad.net/bugs/2040194

Title:
  apparmor restricts read access of user namespace mediation sysctls to root

Status in linux package in Ubuntu:
  Invalid
Status in linux source package in Mantic:
  Fix Committed

Bug description:
  lxc and lxd currently need to determine if the apparmor restriction on
  unprivileged user namespaces is being enforced, so that apparmor
  restrictions won't break lxc/d, and they won't clutter the logs by
  doing something like unshare true to test if the restrictions are
  being enforced.

  Ideally access to this information would be restricted so that any
  unknown access would be logged, but lxc/d currently aren't ready for
  this so in order to _not_ force lxc/d to probe whether enforcement is
  enabled, open up read access to the sysctls for unprivileged user
  namespace mediation.

  https://github.com/canonical/lxd/issues/11920#issuecomment-1756110109
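The check the bug description asks for, reading the sysctl instead of probing with unshare, as an added example that is not part of the bug report or of lxc/lxd. The sysctl path is an assumption (the report does not name it), and the function name and state labels are hypothetical.

```shell
#!/bin/sh
# Assumption: this is the sysctl behind the AppArmor restriction on
# unprivileged user namespaces; the bug report itself does not name it.
USERNS_SYSCTL=/proc/sys/kernel/apparmor_restrict_unprivileged_userns

# userns_restriction_state [path]
# Prints one of: enforced | disabled | unsupported | unreadable | unknown
# Reads the sysctl only; never creates a namespace, so nothing is logged
# as a denied operation.
userns_restriction_state() {
    path=${1:-$USERNS_SYSCTL}

    # No such file: the running kernel does not carry this mediation.
    if [ ! -e "$path" ]; then
        echo unsupported
        return 0
    fi

    # File exists but the read fails: the situation this bug describes
    # for non-root callers before read access was opened up.
    if ! value=$(cat "$path" 2>/dev/null); then
        echo unreadable
        return 0
    fi

    case "$value" in
        0) echo disabled ;;
        1) echo enforced ;;
        *) echo unknown ;;   # unexpected content, do not guess
    esac
}

# Report the state of the running system.
userns_restriction_state
```

A caller that gets "unreadable" is on a kernel without the fix and has to decide for itself whether to fall back to probing.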