With newer versions of AppArmor, unprivileged user namespace creation
may be restricted by default, in which case user manager instances will
not be able to apply PrivateUsers=yes (or the settings which require it).
This can be tested with the kernel.apparmor_restrict_unprivileged_userns
sysctl.
# shellcheck source=test/units/util.sh
. "$(dirname "$0")"/util.sh
+if [[ "$(sysctl -ne kernel.apparmor_restrict_unprivileged_userns)" -eq 1 ]]; then
+ echo "Cannot create unprivileged user namespaces" >/skipped
+ exit 0
+fi
+
systemd-analyze log-level debug
runas testuser systemd-run --wait --user --unit=test-private-users \