From 2a82e6e1a18ae44cb1ff3a1d90548a04970add6e Mon Sep 17 00:00:00 2001
From: igolaizola <11333576+igolaizola@users.noreply.github.com>
Date: Wed, 29 Jan 2025 08:56:15 +0100
Subject: [PATCH] Disable AppArmor in CI to allow chrome sandbox

The CI is currently failing with this error when trying to launch
`TestWasm` with wasmbrowsertest:

No usable sandbox! If you are running on Ubuntu 23.10+ or another Linux
distro that has disabled unprivileged user namespaces with AppArmor, see
https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md.
Otherwise see https://chromium.googlesource.com/chromium/src/+/main/docs/linux/suid_sandbox_development.md
for more information on developing with the (older) SUID sandbox. If you
want to live dangerously and need an immediate workaround, you can try
using --no-sandbox.

This change disables AppArmor in the CI to allow the sandbox to work.
---
 .github/workflows/ci.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8450f14d..81f1eb3b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -31,6 +31,12 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
+      - name: Disable AppArmor
+        if: runner.os == 'Linux'
+        run: |
+          # Disable AppArmor for Ubuntu 23.10+.
+          # https://chromium.googlesource.com/chromium/src/+/main/docs/security/apparmor-userns-restrictions.md
+          echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns
       - uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with: