From 62951c743104f5204e1ec4b9de523d1dd94a5dbc Mon Sep 17 00:00:00 2001
From: Matt Staveley-Taylor <matt.stav.taylor@gmail.com>
Date: Sun, 29 Dec 2024 13:51:20 +0000
Subject: [PATCH] ci: allow unprivileged user namespaces in build-from-repos

---
 .github/workflows/build-from-repos.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/build-from-repos.yml b/.github/workflows/build-from-repos.yml
index b8cf14923..3b93cf884 100644
--- a/.github/workflows/build-from-repos.yml
+++ b/.github/workflows/build-from-repos.yml
@@ -22,6 +22,11 @@ jobs:
               run: |
                   curl https://repos.managarm.org/buildenv/managarm-buildenv.tar.gz -o managarm-rootfs.tar.gz
                   tar xvf managarm-rootfs.tar.gz
+            - name: Permit unprivileged user namespaces
+              run: |
+                  set -x
+                  sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
+                  sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
             - name: Prepare build directory
               run: |
                   mkdir build