@milev-philip: containers are a difficult case. Unfortunately containers share the same kernel as the host. An application running in the container (docker image) can use unprivileged user namespaces to compromise not just the container but the host as well.
There is the ability to turn the restriction off at the host. See the 24.04 release notes: https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions

Container managers can also be modified to understand and disable the restriction for the container (lxd is doing this). But as noted above, when this is done the container can be used to compromise the host, via a kernel exploit.

-- 
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2056555

Title:
  Allow bitbake to create user namespace

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056555/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
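As an added illustration of the host-level switch mentioned in the comment above (this is not code from the bug thread, from Ubuntu or from lxd), the script below audits whether the Ubuntu 24.04 unprivileged user-namespace restriction is still in force on a host. The sysctl name `kernel.apparmor_restrict_unprivileged_userns` is the knob described in the linked release notes; the function names, the exit-code convention and the file-path parameter are assumptions made for this example so that it can be run against a copied-out value as well as the live `/proc` entry.

```shell
#!/bin/sh
# Added example: report whether the host-wide AppArmor restriction on
# unprivileged user namespaces (Ubuntu 24.04) is active. Sysctl name from
# the release notes; helper names and exit codes are this example's own.

SYSCTL_PATH="/proc/sys/kernel/apparmor_restrict_unprivileged_userns"

# classify_userns_restriction VALUE
# Maps the raw sysctl value to a status word: "restricted" when the kernel
# enforces the AppArmor check (1), "open" when the restriction has been
# switched off host-wide (0), "unknown" for anything else.
classify_userns_restriction() {
    case "$1" in
        1) echo restricted ;;
        0) echo open ;;
        *) echo unknown ;;
    esac
}

# read_userns_restriction [PATH]
# Reads the value from PATH (default: the live /proc entry). Kernels without
# the knob (pre-24.04 or non-Ubuntu) have no such file; report "absent" so a
# caller never mistakes a missing control for an enforced one.
read_userns_restriction() {
    path="${1:-$SYSCTL_PATH}"
    if [ -r "$path" ]; then
        classify_userns_restriction "$(cat "$path")"
    else
        echo absent
    fi
}

# report_host_risk STATUS
# Turns a status into an exit code a CI job or config-management run can
# act on: 0 = restriction active; 1 = disabled host-wide, which is the case
# the thread warns about (a container workload regains the kernel attack
# surface that user namespaces expose); 2 = cannot determine.
report_host_risk() {
    case "$1" in
        restricted) echo "userns restriction active"; return 0 ;;
        open)       echo "WARNING: unprivileged userns unrestricted host-wide"; return 1 ;;
        *)          echo "restriction status unknown ($1)"; return 2 ;;
    esac
}

# Usage when saved as userns_audit.sh and run directly on a host:
#   sh userns_audit.sh; echo "exit=$?"
if [ "${0##*/}" = "userns_audit.sh" ]; then
    report_host_risk "$(read_userns_restriction)"
fi
```

Run on a 24.04 host with the default configuration the script exits 0; after `sysctl kernel.apparmor_restrict_unprivileged_userns=0` it exits 1, which is the state to flag before placing untrusted container workloads on that host. Disabling the restriction for a single container through a container manager (as the comment says lxd does) is not visible in this sysctl, so it must be audited through the manager's own configuration.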