From: Daan De Meyer <daan@amutable.com>
Date: Wed, 18 Mar 2026 11:24:34 +0000 (+0100)
Subject: ci: Enable unpriv user namespaces for claude-review
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=02ab8dfc4f804375266dd8313e6e507a7e36a26b;p=thirdparty%2Fsystemd.git

ci: Enable unpriv user namespaces for claude-review

Required for bubblewrap to work properly.
---

diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml
index 168e658e8a3..926f28dd356 100644
--- a/.github/workflows/claude-review.yml
+++ b/.github/workflows/claude-review.yml
@@ -163,7 +163,9 @@ jobs:
           name: pr-context.json
 
       - name: Install sandbox dependencies
-        run: sudo apt-get update && sudo apt-get install -y bubblewrap socat
+        run: |
+          sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
+          sudo apt-get update && sudo apt-get install -y bubblewrap socat
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7