From 8b13467e0410a87379f10749f7bad2ef36c7b30c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Wei=C3=9Fe?= <dw@edgeless.systems>
Date: Thu, 10 Apr 2025 08:45:44 +0200
Subject: [PATCH] allow unrestricted namespaces when building on ubuntu 24.04
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Daniel Weiße <dw@edgeless.systems>
---
 .../check_measurements_reproducibility/action.yml      | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/.github/actions/check_measurements_reproducibility/action.yml b/.github/actions/check_measurements_reproducibility/action.yml
index ea2407115..184e1221f 100644
--- a/.github/actions/check_measurements_reproducibility/action.yml
+++ b/.github/actions/check_measurements_reproducibility/action.yml
@@ -30,6 +30,12 @@ runs:
           jd-diff-patch
           moreutils
 
+    - name: Allow unrestricted user namespaces
+      shell: bash
+      run: |
+        sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_unconfined=0
+        sudo sysctl --ignore --write kernel.apparmor_restrict_unprivileged_userns=0
+
     - name: Build images
       id: build-images
       shell: bash
@@ -46,12 +52,12 @@ runs:
       shell: bash
       run: |
         curl -fsLO https://cdn.confidential.cloud/constellation/v2/ref/-/stream/stable/${{ inputs.version }}/image/measurements.json
-    
+
     - name: Cleanup release measurements and generate our own
       shell: bash
       run: |
         ${{ github.action_path }}/create_measurements.sh "${{ steps.build-images.outputs.buildPath }}"
-        
+
     - name: Compare measurements
       shell: bash
       run: |