Open zed opened 2 months ago
Ah yes. We've run into this before. Thanks for reporting it.
At the very least, we should document this and the workaround. I'm not sure if we can work around it by either not mapping users or mapping to non-root users by default.
https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
I think the best way to fix it is to install a profile for the program somehow like this
add a profile to /etc/apparmor.d/maelstrom with
abi <abi/4.0>,
include <tunables/global>
profile maelstrom /home/<username>/.cargo/bin/cargo-maelstrom flags=(unconfined) {
userns,
}
but replace maelstrom-pytest
or w/e)
then run
sudo apparmor_parser -r /etc/apparmor.d/maelstrom
maybe the application could prompt to install it for you, or we can add docs explaining
The workaround from https://github.com/lima-vm/lima/issues/2319#issuecomment-2094746425 helps: