From e1aae5aa6b424763f2c09c33b1920b63c78b4454 Mon Sep 17 00:00:00 2001
From: Giuseppe Scrivano <gscrivan@redhat.com>
Date: Mon, 28 Apr 2025 18:36:55 +0200
Subject: [PATCH] github: enable unprivileged user namespaces

Signed-off-by: Giuseppe Scrivano <gscrivan@redhat.com>
---
 .github/workflows/test.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 155279b..347d476 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -97,6 +97,9 @@ jobs:
 
     - name: run test
       run: |
+        sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+        sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
+
         case "${{ matrix.test }}" in
             ovl-whiteouts)
                 sudo sh -c "(cd /unionmount-testsuite; unshare -m ./run --ov --fuse=fuse-overlayfs --xdev)"