apparmor: default to allowing unprivileged userns policy

To disable set kernel/unprivileged_userns_apparmor_policy = 0

Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>

diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
index 52abc2fa76b64caf3a8e9aeb4572f2fb650d58ea..562c8a7cd6e90521fec609bfb541003c269e0769 100644 (file)
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -90,7 +90,7 @@
 #include "include/policy_unpack.h"
 #include "include/resource.h"
 
-int unprivileged_userns_apparmor_policy = 0;
+int unprivileged_userns_apparmor_policy = 1;
 
 /* Note: mode names must be unique in the first character because of
  *       modechrs used to print modes on compound labels on some interfaces