.github: disable AppArmor for Bubblewrap

Fixes: bwrap: loopback: Failed RTM_NEWADDR: Permission denied Signed-off-by: Marc Herbert <[email protected]>
pmem · Dec 7, 2024 · bea4590 · bea4590
1 parent cc09f36
commit bea4590
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -90,6 +90,16 @@ jobs:
         run: cd kernel &&
           make defconfig ARCH=${{ matrix.arch }}
 
+      - name: disable AppArmor
+        run: |
+          # Bubblewrap needs this for RTM_NEWADDR. This may not be required in
+          # this GitHub runner/container but it's still useful as "documentation"
+          # https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
+          if test -e /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined; then
+                    sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
+                    sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+          fi
+
       - name: build
         run: |
           mkosi --version