Merge utils: add unprivileged_userns to aa-notify list of special profiles

Both the unconfined profile and unprivileged_userns are part of the default notify.conf, so the default fallback when no configurations are present should also match this default. Signed-off-by: Ryan Lee <ryan.lee@canonical.com> MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1609 Approved-by: John Johansen <john@jjmx.net> Merged-by: John Johansen <john@jjmx.net>
2025-08-22 01:57:43 +00:00 · 2025-04-03 19:37:08 +00:00 · 2025-04-03 19:37:08 +00:00 · 65e2cfa4e3
commit 65e2cfa4e3
parent 3b3dada5d9 4623da695e
1 changed files with 2 additions and 1 deletions
--- a/utils/aa-notify
+++ b/utils/aa-notify
@ -1013,7 +1013,8 @@ def main():
    if 'userns_special_profiles' in config['']:
        userns_special_profiles = config['']['userns_special_profiles'].strip().split(',')
    else:
-        userns_special_profiles = ['unconfined']  # By default, unconfined is the only special profile
+        # By default, unconfined and unprivileged_userns are the special profiles
+        userns_special_profiles = ['unconfined', 'unprivileged_userns']

    if 'ignore_denied_capability' in config['']:
        ignore_denied_capability = config['']['ignore_denied_capability'].strip().split(',')