From: ssooffiiaannee Date: Sat, 27 Dec 2025 16:02:39 +0000 (+0100) Subject: docs: Minor correction on enabling unprivileged namespaces X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab47ba25ef11b392b6387b47863cf75c9964890d;p=thirdparty%2Fmkosi.git docs: Minor correction on enabling unprivileged namespaces apparmor_restrict_unprivileged_unconfined should be set to 0 to allow unprivileged namespaces. --- diff --git a/mkosi/resources/man/mkosi.1.md b/mkosi/resources/man/mkosi.1.md index c14aea191..affce0c08 100644 --- a/mkosi/resources/man/mkosi.1.md +++ b/mkosi/resources/man/mkosi.1.md @@ -3278,16 +3278,16 @@ https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces. To unprivileged user namespaces on Ubuntu, run the following commands: ```sh -sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=1 -sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=1 +sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0 +sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 ``` To persist these sysctl settings across reboots, create `/etc/sysctl.d/unprivileged-userns.conf` with the following contents: ```conf -kernel.apparmor_restrict_unprivileged_unconfined=1 -kernel.apparmor_restrict_unprivileged_userns=1 +kernel.apparmor_restrict_unprivileged_unconfined=0 +kernel.apparmor_restrict_unprivileged_userns=0 ``` For other systems, try researching the `kernel.unprivileged_userns_clone` or
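Review bot: the commit message names only `apparmor_restrict_unprivileged_unconfined`, but both changed pairs in this hunk (the `sysctl -w` block and the `/etc/sysctl.d/unprivileged-userns.conf` block) also flip `kernel.apparmor_restrict_unprivileged_userns` from 1 to 0, so the message should say that both values were wrong and both are now 0. Since the corrected text now actually switches the restriction off, the paragraph introducing the `/etc/sysctl.d/unprivileged-userns.conf` contents would also benefit from one sentence stating that a value of 0 disables the AppArmor restriction for every process on the host and stays in effect across reboots, while the `sysctl -w` commands alone last only until the next reboot. Readers who only need this for a single build can then pick the non-persistent form deliberately.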