There are three approaches:

1. Users will be able to use a GUI notification/pop-up to do this. A
version of this is currently available in 24.10. It has been revised and
a new iteration will soon land in 25.04. The plan is to SRU this back to
24.04 (23.10 is already out of support).

  A demo video:
  https://gitlab.com/-/project/4484878/uploads/ea5f41c3e1799fcf4d6c0c41af86553a/demo_aa_notify.webm

  For now this is not integrated with the security-center etc. Long term,
a more integrated solution will happen. This is just a step to get a
solution sooner rather than later.

2. Users can run pipx using sudo. The user namespace restriction
does not apply to root processes. Yes, this defeats the purpose of user
namespaces, which is to provide a limited root.

3. The user can manually add a profile, which is admittedly a very poor
user experience. A basic template can be provided; I will have to play
with pipx and mkosi before I can provide a template.

https://bugs.launchpad.net/bugs/2092752

Title:
  Guidance for pipx binaries requiring user namespaces
