When using the default installation on Ubuntu 24.04, the following happens:
omac start opencode
omac sandbox: bwrap is installed but not functional (user namespaces disabled?): exit status 1 — bwrap: setting up uid map: Permission denied
Root Cause: It seems that AppArmor default profiles are now preventing bwrap from creating uids:
https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
The workaround that I tested which currently works is to revert that now-default behaviour to how it behaved in Ubuntu < 23.10 via:
sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
This can be made permanent via:
echo "kernel.apparmor_restrict_unprivileged_userns=0" | sudo tee /etc/sysctl.d/99-allow-userns.conf
My understanding is that in terms of security this should not have a bigger impact than using Ubuntu 22.04 by default so this should be okayish in most situations. But this needs to be validated!
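To help with that validation, here is an added example (not part of the original report or of the omac project) that reports whether the user-namespace restriction is enforced right now and whether a sysctl drop-in will switch it off again at boot. The function names are hypothetical, and as a simplification only one drop-in directory is scanned, with later files winning in lexical order.

```shell
#!/bin/sh
# Added example: audit the state of the sysctl discussed in this report.
# Function names are hypothetical; path arguments exist so it can be tested.
KEY=kernel.apparmor_restrict_unprivileged_userns

# Value the kernel enforces now, or "absent" if the knob does not exist.
userns_runtime_value() {
    proc_file=${1:-/proc/sys/kernel/apparmor_restrict_unprivileged_userns}
    if [ -r "$proc_file" ]; then
        tr -d '[:space:]' < "$proc_file"
    else
        printf 'absent'
    fi
}

# Last value assigned to KEY by the *.conf files of one directory
# (lexical order, later files win), or "unset" if none assigns it.
# Assumption: only this one directory is considered.
userns_persisted_value() {
    dir=${1:-/etc/sysctl.d}
    value=unset
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # Strip comments, then accept "key=value" with optional spaces.
        found=$(sed -e 's/[#;].*//' "$f" | awk -F= -v k="$KEY" '
            { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == k { v = $2 }
            END { if (v != "") print v }')
        if [ -n "$found" ]; then value=$found; fi
    done
    printf '%s' "$value"
}

# Combine both views into one status word.
userns_audit() {
    runtime=$(userns_runtime_value "$1")
    persisted=$(userns_persisted_value "$2")
    case "$runtime:$persisted" in
        absent:*) echo "not-applicable" ;;
        0:0)      echo "disabled-persistently" ;;
        0:*)      echo "disabled-until-reboot" ;;
        *:0)      echo "enabled-now-disabled-after-reboot" ;;
        *)        echo "enabled" ;;
    esac
}

userns_audit   # audits the live system using the default paths
```

A result of `disabled-persistently` means the workaround above is fully in place; `disabled-until-reboot` means only the `sysctl -w` step was applied.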