From 461786a09841ddb12a6df38fdb44f607ec473494 Mon Sep 17 00:00:00 2001
From: Simon Deziel
Date: Thu, 19 Oct 2023 23:50:29 -0400
Subject: [PATCH] daemon.start: stop disabling Apparmor restrictions on unpriv userns/unconfined

Those restrictions are not enabled in 23.10 so LXD no longer need to force disable them. If they are enabled, it means the user opted into it, probably for testing the features, in which case LXD shouldn't undo the user's decision.

Signed-off-by: Simon Deziel
---
 snapcraft/commands/daemon.start | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/snapcraft/commands/daemon.start b/snapcraft/commands/daemon.start
index d9a7f22a9..44e96c853 100755
--- a/snapcraft/commands/daemon.start
+++ b/snapcraft/commands/daemon.start
@@ -427,20 +427,6 @@ if [ "$(stat -c '%u' /proc)" = 0 ]; then
 echo 1 > /proc/sys/kernel/unprivileged_userns_clone || true
 fi
 fi
-
- if [ -e /proc/sys/kernel/apparmor_restrict_unprivileged_userns ]; then
- if [ "$(cat /proc/sys/kernel/apparmor_restrict_unprivileged_userns)" = "1" ]; then
- echo "==> Disabling Apparmor unprivileged userns mediation"
- echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns || true
- fi
- fi
-
- if [ -e /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined ]; then
- if [ "$(cat /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined)" = "1" ]; then
- echo "==> Disabling Apparmor unprivileged unconfined mediation"
- echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined || true
- fi
- fi
 fi

 # Setup CRIU