Comment 0 for bug 2032602

Alex Murray (alexmurray) wrote :

As per the spec documented at https://discourse.ubuntu.com/t/spec-unprivileged-user-namespace-restrictions-via-apparmor-in-ubuntu-23-10/37626 the Security team is enhancing AppArmor to allow the use of unprivileged user namespaces to be restricted to only those packages which require this.

This change requires changes in both AppArmor within the kernel and the apparmor package in the Ubuntu archive to ensure it supports the new syntax required.

This has been extensively tested via the AppArmor regression test script in the QA Regression Testing repo: https://git.launchpad.net/qa-regression-testing/tree/scripts/test-apparmor.py

This script runs various tests against the installed apparmor package, as well as building and running the various upstream regression and other test suites against this installed package:
  - https://gitlab.com/apparmor/apparmor/-/tree/master/tests/regression/apparmor?ref_type=heads
  - https://gitlab.com/apparmor/apparmor/-/tree/master/utils/test?ref_type=heads
  - https://gitlab.com/apparmor/apparmor/-/tree/master/parser/tst?ref_type=heads
  - https://gitlab.com/apparmor/apparmor/-/tree/master/libraries/libapparmor/testsuite?ref_type=heads