From 8eef7407bd32c4ab4c825cfe6fcfbb246004cec0 Mon Sep 17 00:00:00 2001
From: Simon Deziel
Date: Fri, 6 Oct 2023 14:32:05 -0400
Subject: [PATCH] daemon.start: disable Apparmor unpriv unconfined mediation

Signed-off-by: Simon Deziel
---
 snapcraft/commands/daemon.start | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/snapcraft/commands/daemon.start b/snapcraft/commands/daemon.start
index 1b9133e1e..ac944cae1 100755
--- a/snapcraft/commands/daemon.start
+++ b/snapcraft/commands/daemon.start
@@ -431,6 +431,13 @@ if [ "$(stat -c '%u' /proc)" = 0 ]; then
 echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_userns || true
 fi
 fi
+
+ if [ -e /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined ]; then
+ if [ "$(cat /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined)" = "1" ]; then
+ echo "==> Disabling Apparmor unprivileged unconfined mediation"
+ echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined || true
+ fi
+ fi
 fi

 # Setup CRIU
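Review bot: The added block clears `apparmor_restrict_unprivileged_unconfined` through /proc/sys/kernel, which appears to be a host-wide setting rather than one scoped to the snap, and it carries no comment saying why the daemon needs this. A why-comment above the `-e` test would let someone auditing host hardening see the trade-off, for example `# Host-wide sysctl: relaxes an AppArmor restriction for all unprivileged unconfined processes, not only LXD; needed because <reason>`. The write is also followed by `|| true` right after the "==> Disabling" banner, so the log can claim a change that did not happen; consider `echo 0 > /proc/sys/kernel/apparmor_restrict_unprivileged_unconfined || echo "==> Failed to disable Apparmor unprivileged unconfined mediation"`. The enclosing `if [ "$(stat -c '%u' /proc)" = 0 ]` block starts outside the hunk, so whether the original value is recorded or restored elsewhere cannot be seen from here.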