If I'm reading the comments in apparmor correctly (I don't have a 2404 machine myself) then unshare doesn't work out of the box either:
# This profile allows almost everything and only exists to allow
# unshare to work on a system with user namespace restrictions
# being enforced.
# unshare is allowed access to user namespaces and capabilities
# within the user namespace, but its children do not have
# capabilities, blocking unshare from being able to be used to
# arbitrarily by-pass the user namespace restrictions.
# We restrict x mapping of any code that is unknown while unshare
# has privilige within the namespace. To help ensure unshare can't
# be used to attack the kernel.
#
# disabled by default as it can break some use cases on a system that
# doesn't have or has disable user namespace restrictions for unconfined
# use aa-enforce to enable it

https://bugs.launchpad.net/bugs/2056555
Title: Allow bitbake to create user namespace
