apparmor

src/DEBIAN/control

@@ -4,5 +4,5 @@ Section: misc
 Priority: optional
 Depends: bubblewrap,flatpak,zenity,policykit-1,gcc,systemd,procps
 Maintainer: shenmo <shenmo@spark-app.store>
-Architecture: arm64
+Architecture: amd64
 Description: bwrap wrapper for install and running debs inside a bookworm container

src/DEBIAN/postinst

@@ -19,7 +19,6 @@ systemctl enable ace-bookworm-auto-upgrade
 systemctl start ace-bookworm-auto-upgrade
 fi
 
-
-sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+systemctl reload apparmor
 
 true

src/etc/apparmor.d/amber-ce-bookworm

@@ -0,0 +1,7 @@
+abi <abi/4.0>,
+include <tunables/global>
+profile bwrap /usr/bin/bwrap flags=(unconfined) {
+userns,
+#Site-specific additions and overrides. See local/README for details.
+include if exists <local/bwrap>
+}