From 928f27dbf5a4ef91dfc74107f0c0a0417e5ac54b Mon Sep 17 00:00:00 2001
From: Alexandre Pujol
Date: Tue, 19 Mar 2024 14:48:32 +0000
Subject: [PATCH] feat(profile): bwrap always need userns.
---
 apparmor.d/abstractions/bwrap | 4 +++-
 apparmor.d/groups/gnome/nautilus | 2 --
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/apparmor.d/abstractions/bwrap b/apparmor.d/abstractions/bwrap
index ae748733..cd54aed4 100644
--- a/apparmor.d/abstractions/bwrap
+++ b/apparmor.d/abstractions/bwrap
@@ -4,10 +4,12 @@
 # Minimal set of rules for bwrap
-# A profile using this abstaction still needs to set:
+# A profile using this abstraction still needs to set:
 # - the attach_disconnected flag
 # - bwrap execution: '@{bin}/bwrap rix,'
+ # userns,
+
 capability net_admin,
 capability setpcap,
 capability sys_admin,
diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus
index cc2496ce..a36840cb 100644
--- a/apparmor.d/groups/gnome/nautilus
+++ b/apparmor.d/groups/gnome/nautilus
@@ -26,8 +26,6 @@ profile nautilus @{exec_path} flags=(attach_disconnected) {
 include
 include
-
 # userns,
-
 # mqueue r type=posix /,
 dbus bind bus=session name=org.gnome.Nautilus,
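Review bot: The `# userns,` line added to the bwrap abstraction is still commented out, so this hunk grants no user-namespace permission, although the subject says bwrap always needs one. If it is disabled on purpose (the hunk does not show why), the reason and the condition for enabling it belong in a comment next to the line. Once enabled, every profile that includes this abstraction gets `userns` alongside `capability sys_admin`, `capability net_admin` and `capability setpcap`, which is a wider grant than the per-profile rule removed from nautilus. The header comment should state that, for example `# Note: this abstraction allows user namespace creation; include it only in profiles that execute bwrap.`, and including profiles are worth auditing against it. The rule list continues past the end of the hunk, so further capabilities may apply that are not visible here.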