Add note about AppArmor restricting unprivileged namespaces in Ubuntu 24.04 to README #198

@BolunThompson

Commit 18a365c addressed this in CI, but it took a couple minutes to find the (arguably insecure) fix myself, so it would be convenient to mention this in the docs. Here’s the original bug report I wrote on this:

Starting in Ubuntu 23.10, AppArmor prevents unprivileged applications without a profile from creating namespaces.

This causes ./configure to fail with “try needs unshare to work, but could not run unshare.”

The easy solution is to run sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0 to disable the AppArmor restriction. Another solution would be to provide a PPA or a .deb installable that sets up the AppArmor profile.
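The two options in the issue above, as an added example that is not part of the original issue or the try project's code: a check of the restriction's current state, and a generator for a per-binary AppArmor profile that grants only namespace creation instead of turning the sysctl off system-wide. Assumptions: the procfs path of the sysctl, the install path `/usr/local/bin/try` in the usage comment, and that the path given is the executable that actually creates the namespace; the profile body follows the `flags=(unconfined)` plus `userns,` pattern of the profiles Ubuntu 24.04 ships in `/etc/apparmor.d`.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the try project.

# Assumption: procfs location of the sysctl named in the issue.
USERNS_SYSCTL=/proc/sys/kernel/apparmor_restrict_unprivileged_userns

# Print "restricted", "unrestricted" or "absent" for the given sysctl file.
# "absent" covers kernels and distributions without this AppArmor knob.
userns_restriction_state() {
    f=${1:-$USERNS_SYSCTL}
    [ -r "$f" ] || { echo absent; return 0; }
    case "$(cat "$f")" in
        0) echo unrestricted ;;
        *) echo restricted ;;
    esac
}

# Emit a profile that leaves one binary otherwise unconfined but lets it
# create user namespaces. Scope: that binary only, not every unprivileged
# process as with kernel.apparmor_restrict_unprivileged_userns=0.
emit_userns_profile() {
    bin=$1
    case "$bin" in
        /*) ;;  # AppArmor attachment needs an absolute path
        *) echo "emit_userns_profile: absolute path required" >&2; return 1 ;;
    esac
    name=$(basename "$bin")
    cat <<EOF
abi <abi/4.0>,
include <tunables/global>

profile $name $bin flags=(unconfined) {
  userns,
  include if exists <local/$name>
}
EOF
}

# Usage (install path is an assumption, adjust to where the binary lives):
#   emit_userns_profile /usr/local/bin/try | sudo tee /etc/apparmor.d/try
#   sudo apparmor_parser -r /etc/apparmor.d/try
echo "unprivileged userns: $(userns_restriction_state)"
```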
