Description: update apparmor profile for userns permission and new abi
Author: Alex Murray <alex.murray@canonical.com>
Author: Mathias Gibbens <gibmat@debian.org>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2035315
Forwarded: https://github.com/lxc/lxc/issues/4529
diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
index 87982fd..eb6b8ee 100644
--- a/config/apparmor/abstractions/container-base.in
+++ b/config/apparmor/abstractions/container-base.in
@@ -1,3 +1,4 @@
+  userns,
   network,
   capability,
   file,
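Review bot: The bare `userns,` added as the first rule of this abstraction gives user-namespace creation to every container that includes it, and the file carries no comment explaining why. A line above it such as `# allow user namespace creation; denied by default once the profile is compiled against an ABI that mediates userns` would record the intent and make the grant easier to audit later. start-container.in receives the same uncommented line and needs the same comment. If some containers do not need nested namespaces, a follow-up could consider scoping the rule to those that do, since user namespaces widen the kernel surface reachable from inside the container.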
diff --git a/config/apparmor/abstractions/start-container.in b/config/apparmor/abstractions/start-container.in
index 20c8529..a58540c 100644
--- a/config/apparmor/abstractions/start-container.in
+++ b/config/apparmor/abstractions/start-container.in
@@ -1,3 +1,4 @@
+  userns,
   network,
   capability,
   file,
diff --git a/config/apparmor/usr.bin.lxc-copy b/config/apparmor/usr.bin.lxc-copy
index 36b8d5c..fe2a0d7 100644
--- a/config/apparmor/usr.bin.lxc-copy
+++ b/config/apparmor/usr.bin.lxc-copy
@@ -1,3 +1,4 @@
+abi <abi/4.0>,
 #include <tunables/global>
 
 /usr/bin/lxc-copy flags=(attach_disconnected) {
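Review bot: `abi <abi/4.0>,` on the new first line makes this profile depend on an `abi/4.0` feature file being present on the host; where it is missing the parser will presumably reject the profile, and lxc-copy would then run without it. The same pin is added to usr.bin.lxc-start. Declaring the newer ABI also enables mediation for every class in that feature set, so the profile body and its includes (outside this hunk) should be checked for newly mediated operations other than `userns`. A short comment such as `# abi/4.0 is needed for the userns rule added by this patch` would document why the pin exists.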
diff --git a/config/apparmor/usr.bin.lxc-start b/config/apparmor/usr.bin.lxc-start
index 2f87cdd..8fb2d99 100644
--- a/config/apparmor/usr.bin.lxc-start
+++ b/config/apparmor/usr.bin.lxc-start
@@ -1,3 +1,4 @@
+abi <abi/4.0>,
 #include <tunables/global>
 
 /usr/bin/lxc-start flags=(attach_disconnected) {
diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
index d6516ae..09264d4 100644
--- a/src/lxc/lsm/apparmor.c
+++ b/src/lxc/lsm/apparmor.c
@@ -38,6 +38,7 @@ lxc_log_define(apparmor, lsm);
 
 static const char AA_PROFILE_BASE[] =
 "  ### Base profile\n"
+"  userns,\n"
 "  capability,\n"
 "  dbus,\n"
 "  file,\n"
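Review bot: Because `"  userns,\n"` is placed inside the static AA_PROFILE_BASE string, it is written into every generated profile regardless of whether the host's apparmor_parser accepts the `userns` rule. A parser that predates the rule would likely fail on the whole profile, so containers using generated profiles could stop loading their confinement on such hosts. If this file already appends optional rule fragments after probing parser or kernel features (not visible in this hunk), `userns,` should move into such a fragment and be emitted only when supported. The abstractions patched above have the same exposure but cannot probe at run time. The array definition continues past the end of the hunk.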
