From e4cbb85ddf0f3a69c93fc0cc2ae73ddf639753ae Mon Sep 17 00:00:00 2001
From: Ramkumar Chinchani
Date: Fri, 17 Jan 2025 08:36:50 -0800
Subject: [PATCH] ci: nightly ci now uses ubuntu 24.04+ which needs user namespaces to be re-enabled so that stacker can build/run
Signed-off-by: Ramkumar Chinchani
---
.github/workflows/nightly.yaml | 1 +
scripts/enable_userns.sh | 11 +++++++++++
2 files changed, 12 insertions(+)
create mode 100755 scripts/enable_userns.sh
diff --git a/.github/workflows/nightly.yaml b/.github/workflows/nightly.yaml
index a85f14f59..11d677222 100644
--- a/.github/workflows/nightly.yaml
+++ b/.github/workflows/nightly.yaml
@@ -196,6 +196,7 @@ jobs: password: ${{ github.token }} - name: Run tests run: | + sudo ./scripts/enable_userns.sh ./examples/kind/kind-ci.sh cloud-scale-out:
diff --git a/scripts/enable_userns.sh b/scripts/enable_userns.sh
new file mode 100755
index 000000000..96a77cee9
--- /dev/null
+++ b/scripts/enable_userns.sh
@@ -0,0 +1,11 @@
+#!/bin/sh -xe
+
+# enable user namespaces
+sysctl -w kernel.apparmor_restrict_unprivileged_io_uring=0
+sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0
+sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+sysctl -w kernel.apparmor_restrict_unprivileged_userns_complain=0
+sysctl -w kernel.apparmor_restrict_unprivileged_userns_force=0
+sysctl -w kernel.unprivileged_bpf_disabled=2
+sysctl -w kernel.unprivileged_userns_apparmor_policy=0
+sysctl -w kernel.unprivileged_userns_clone=1
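Review bot: The privileged host change is folded into the `Run tests` step, so a failing `sysctl` would be reported as a test failure and the hardening change is easy to miss in the job log. A dedicated step would make it explicit, e.g. `- name: Enable unprivileged user namespaces` with `run: sudo ./scripts/enable_userns.sh`, placed before `Run tests`. The job this step belongs to starts above the hunk, so whether other nightly jobs that run stacker need the same step cannot be judged from here.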
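Review bot: The header comment says only "enable user namespaces", but the script also turns off the AppArmor restrictions for unprivileged io_uring and unconfined processes and writes `kernel.unprivileged_bpf_disabled`. The diff does not show which of these stacker actually needs, so each one is worth justifying or dropping. Nothing marks the script as CI-only; I would replace the comment with `# CI only: relaxes Ubuntu 24.04+ AppArmor/userns hardening on an ephemeral runner - do not run on shared or long-lived hosts`. Because of `-e`, the first `sysctl -w` that fails (a key missing on a different kernel, presumably) aborts the script with the earlier settings already applied, which deserves a comment or a per-key existence check. The options in `#!/bin/sh -xe` are lost if the file is ever run as `sh scripts/enable_userns.sh`; `set -xe` on its own line after a plain `#!/bin/sh` is more robust.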