From b79b771f1f43ab8700e0174fa00597adc7a46790 Mon Sep 17 00:00:00 2001
From: Magnus Kulke <magnuskulke@microsoft.com>
Date: Fri, 6 Dec 2024 19:32:04 +0100
Subject: [PATCH] podvm-ci: un-restrict user ns on ubuntu 24.04

There is a restriction introduced in new revisions of ubuntu runners.
This change allows user ns to be created, so mkosi can be built
rootless.

Signed-off-by: Magnus Kulke <magnuskulke@microsoft.com>
---
 .github/workflows/podvm_mkosi.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/podvm_mkosi.yaml b/.github/workflows/podvm_mkosi.yaml
index 0ea2ac4d8..b8c6da6f7 100644
--- a/.github/workflows/podvm_mkosi.yaml
+++ b/.github/workflows/podvm_mkosi.yaml
@@ -75,6 +75,11 @@ jobs:
       qcow2_oras_image: ${{ steps.publish_oras_qcow2.outputs.image }}:${{ steps.publish_oras_qcow2.outputs.tag }}
       docker_oci_image: ${{ steps.build_docker_oci.outputs.image }}
     steps:
+      # Required by rootless mkosi
+      - name: Un-restrict user namespaces
+        if: inputs.arch == 'amd64'
+        run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+
       - name: Checkout
         uses: actions/checkout@v4
         with: