# ACE app runs in a container, need privileges within user namespace, so we need to set it
kernel.unprivileged_userns_clone=1
# Ubuntu 24.04 has more limitation on unprivileged user namespace,so we have to disable them.
# refer to https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
kernel.apparmor_restrict_unprivileged_unconfined=0
kernel.apparmor_restrict_unprivileged_userns=0