
> In combination with the apparmor package, the Ubuntu kernel now restricts the use of unprivileged user namespaces. This affects all programs on the system that are unprivileged and unconfined. A default AppArmor profile is provided that allows the use of user namespaces for unprivileged and unconfined applications but will deny the subsequent use of any capabilities within the user namespace.

Welp, that kills any chance of namespaces being widely used by anyone outside the likes of Docker and systemd. I'd been using unprivileged mount namespaces as a way to create anonymous temporary directories, but I guess they just weren't so long for this world after all.
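The trick the comment refers to, and the way the new Ubuntu default breaks it, can be seen in a small probe. This is an added example, not code from the commenter or from Ubuntu: it tries to create an unprivileged user namespace plus a private mount namespace and then mount a tmpfs over /tmp (the "anonymous temporary directory"), and classifies the outcome. On a kernel with the restricting AppArmor profile, the unshare itself may still succeed while the following mount() fails with EPERM, because the default profile strips capabilities inside the namespace. The probe runs in a forked child so the caller's own mount table is untouched; the enum names and the classification of errno values are this example's own choices. The sysctl `kernel.apparmor_restrict_unprivileged_userns` is the real Ubuntu knob; the parser for it is included so the example also reports the configured state, not just the observed behaviour.

```c
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>

/* unshare(2) and the CLONE_NEW* flags are only exposed by glibc headers under
 * _GNU_SOURCE; declare them here so the example builds regardless of feature macros. */
int unshare(int flags);
#ifndef CLONE_NEWNS
#define CLONE_NEWNS   0x00020000
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif

/* Outcome of attempting the "anonymous temp dir via unprivileged mount namespace" trick
 * (example's own classification). */
enum userns_probe {
    PROBE_OK = 0,            /* user+mount namespace created and a private tmpfs mounted */
    PROBE_USERNS_DENIED = 1, /* unshare(CLONE_NEWUSER) itself refused (EPERM/EACCES) */
    PROBE_CAPS_DENIED = 2,   /* namespace created, but mount() refused: caps denied inside it */
    PROBE_UNSUPPORTED = 3,   /* no user namespaces on this kernel, or another error */
};

/* Parse the text of kernel.apparmor_restrict_unprivileged_userns as read from /proc/sys.
 * Returns 0 or 1, or -1 if the text is not a sysctl boolean. */
int parse_restrict_flag(const char *text)
{
    if (text == NULL) return -1;
    while (*text == ' ' || *text == '\t') text++;
    if ((text[0] == '0' || text[0] == '1') && (text[1] == '\0' || text[1] == '\n'))
        return text[0] - '0';
    return -1;
}

/* Read the sysctl; returns -1 when the file is absent (no AppArmor, or a non-Ubuntu kernel). */
int read_restrict_flag(void)
{
    char buf[16] = {0};
    FILE *f = fopen("/proc/sys/kernel/apparmor_restrict_unprivileged_userns", "r");
    if (f == NULL) return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_restrict_flag(buf);
}

/* Run the probe in a child so the parent's mount namespace is never modified. */
enum userns_probe probe_anon_tmpdir(void)
{
    pid_t pid = fork();
    if (pid < 0) return PROBE_UNSUPPORTED;
    if (pid == 0) {
        /* Step 1: fresh user namespace (we hold all capabilities inside it) plus a
         * private mount namespace whose mounts do not propagate back to the host. */
        if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0)
            _exit(errno == EPERM || errno == EACCES ? PROBE_USERNS_DENIED : PROBE_UNSUPPORTED);
        /* Step 2: mount a tmpfs over /tmp. This needs CAP_SYS_ADMIN in the new namespace,
         * which is exactly what the restricting AppArmor profile takes away. */
        if (mount("none", "/tmp", "tmpfs", MS_NOSUID | MS_NODEV, "mode=0700") != 0)
            _exit(errno == EPERM || errno == EACCES ? PROBE_CAPS_DENIED : PROBE_UNSUPPORTED);
        _exit(PROBE_OK);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return PROBE_UNSUPPORTED;
    return (enum userns_probe)WEXITSTATUS(status);
}

int main(void)
{
    static const char *names[] = {
        "ok: private tmpfs mounted in an unprivileged mount namespace",
        "denied: unprivileged user namespaces refused outright",
        "denied: namespace created but capabilities inside it are restricted",
        "unsupported or unexpected error",
    };
    int flag = read_restrict_flag();
    printf("apparmor_restrict_unprivileged_userns: %s\n",
           flag < 0 ? "not present" : (flag ? "1 (restricted)" : "0 (unrestricted)"));
    printf("probe result: %s\n", names[probe_anon_tmpdir()]);
    return 0;
}
```

Run it as an ordinary user on a pre-restriction system and on a current Ubuntu release to see the difference: the sysctl line tells you what policy is configured, and the probe line tells you what a program relying on the technique actually experiences, which is the more useful signal when deciding whether to keep the approach or fall back to a conventional mkdtemp()-style directory.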




