Disabling the user namespace restriction is certainly one possible
direction, and would be the easiest for Noble.

The other possible route is using aa-notify, which now has the ability
to produce a prompt for the user. An example gif can be seen at
https://gitlab.com/-/project/4484878/uploads/ea5f41c3e1799fcf4d6c0c41af86553a/demo_aa_notify.webm

It is currently only in Oracular, and there are some bug fixes coming to
the current version, but the plan is to SRU the ability to Noble.

For those who want to play with it, instructions are below. It is
available for noble via the ppa at
https://launchpad.net/~apparmor-dev/+archive/ubuntu/apparmor-backports.


It can be installed via
  sudo apt install apparmor-notify

Basic instructions are available via
  man aa-notify

It will install a default configuration in "/etc/apparmor/notify.conf".
The default configuration can be modified on a per user basis by copying
it to "$XDG_CONFIG_HOME/apparmor/notify.conf" which is generally
"$HOME/.config/apparmor/notify.conf" or to
"$HOME/.apparmor/notify.conf". A custom configuration is not needed
unless you want to use filtering to make it less noisy.

Currently, regular notifications will happen for all apparmor events, but they
can be filtered using the config file.
  

The notifier can be started via the shell with
  aa-notify -p -s1 --prompt-filter=userns

or by adding it to startup applications.

There is a bug with the user namespace notification where it currently
requires "--prompt-filter=userns" as part of the command arguments
instead of being set in the config file.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2065088

Title:
  AppArmor profiles allowing userns not immediately active in 24.04 live
  image

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2065088/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

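The setup the message walks through (copy the default notify.conf to the per-user location, then start aa-notify with --prompt-filter=userns on the command line rather than in the config file), collected into one script. This is an added example and not code from the message author or from the apparmor-notify package. The per-user paths and the command line are taken from the message; launching it from an XDG autostart .desktop entry is an assumption about how the reader's desktop session starts applications, and the sample config line used in the comments is constructed.

```shell
#!/bin/sh
# Added example, not part of the original message: put a per-user copy of
# the default aa-notify configuration in place and register the notifier
# as a startup application with the userns prompt filter on the command
# line (the message notes that setting it in notify.conf does not
# currently work).

# Per-user config directory described in the message:
# $XDG_CONFIG_HOME/apparmor, which usually resolves to ~/.config/apparmor.
aa_user_conf_dir() {
    printf '%s/apparmor\n' "${XDG_CONFIG_HOME:-$HOME/.config}"
}

# Copy the default config (normally /etc/apparmor/notify.conf) into the
# per-user directory unless a per-user copy already exists, so local
# filter edits are never clobbered. Args: source file, target directory.
install_user_notify_conf() {
    src="$1"; dir="$2"
    mkdir -p "$dir"
    [ -e "$dir/notify.conf" ] || cp "$src" "$dir/notify.conf"
}

# Write an XDG autostart entry (assumed mechanism) whose Exec line is the
# exact command from the message. --prompt-filter=userns must stay here,
# not in notify.conf, because of the bug the message describes.
# Arg: autostart directory (normally $XDG_CONFIG_HOME/autostart).
write_autostart_entry() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/aa-notify.desktop" <<'EOF'
[Desktop Entry]
Type=Application
Name=AppArmor notifier (userns prompts)
Exec=aa-notify -p -s1 --prompt-filter=userns
Terminal=false
EOF
}

# Only act on the real system when invoked as "setup"; sourcing the file
# or running it without arguments has no side effects.
if [ "${1:-}" = "setup" ]; then
    conf_dir=$(aa_user_conf_dir)
    install_user_notify_conf /etc/apparmor/notify.conf "$conf_dir"
    write_autostart_entry "${XDG_CONFIG_HOME:-$HOME/.config}/autostart"
    echo "per-user config: $conf_dir/notify.conf"
    echo "autostart entry: ${XDG_CONFIG_HOME:-$HOME/.config}/autostart/aa-notify.desktop"
fi
```

Run it as `sh setup-aa-notify.sh setup` after `sudo apt install apparmor-notify`; edit the per-user notify.conf afterwards to add filtering if the regular notifications are too noisy.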