ci: nightly ci now uses ubuntu 24.04+

which needs user namespaces to be re-enabled so that stacker can build/run Signed-off-by: Ramkumar Chinchani <rchincha.dev@gmail.com>
project-zot · Jan 17, 2025 · 435c2da · 435c2da
1 parent 002ac62
commit 435c2da
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
@@ -166,6 +166,7 @@ jobs:
       - uses: ./.github/actions/clean-runner
       - name: Build image
         run: |
+          sudo ./scripts/enable_userns.sh
           make docker-image
 
   kind-setup:

diff --git a/scripts/enable_userns.sh b/scripts/enable_userns.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -xe
+
+# enable user namespaces
+sysctl -w kernel.apparmor_restrict_unprivileged_io_uring=0
+sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
+sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+sysctl -w kernel.apparmor_restrict_unprivileged_userns_complain=0
+sysctl -w kernel.apparmor_restrict_unprivileged_userns_force=0
+sysctl -w kernel.unprivileged_bpf_disabled=2
+sysctl -w kernel.unprivileged_userns_apparmor_policy=0
+sysctl -w kernel.unprivileged_userns_clone=1