@ross: yes the plan is to enable unshare and bwrap with custom profiles. It is possible to test if this would work for your use case by copying these profiles to the system and loading them.
Whether it will work really depends on whether unshare can do all the necessary privileged operations. The child that unshare will spawn will not be able to do anything that requires capabilities, as what is being denied above. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2056555 Title: Allow bitbake to create user namespace To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056555/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
