runimage doesn't work when apparmor is enabled

Open Kreijstal opened this issue 8 months ago • 1 comments

is there a way to make it work through for example proot instead?

[ ERROR ][2025.04.23 17:10:31]: apparmor_restrict_unprivileged_userns is enabled!

Apr 23 '25 15:04 Kreijstal

It's not the whole apparmor that is affected, just the prohibition on creating unprivileged userns, and this practice "out of the box" is mostly only used in ubuntu 24+

proot is much slower because it uses prtace and many runimage options will simply not work there, including security and isolation options like process isolation, network sandbox and others.

Perhaps in the future proot support will be added and many runimage features will not be available in this mode.

Apr 23 '25 17:04 VHSgunzo