Comment 1 for bug 2046477

This bug was fixed in the package apparmor - 4.0.0~alpha2-0ubuntu7

---------------
apparmor (4.0.0~alpha2-0ubuntu7) noble; urgency=medium

  [Alex Murray]
  * Enable user namespace restrictions by default (LP: #2046477)
    - d/p/u/userns-runtime-disable.patch: add logic to disable user
      namespace restrictions if kernel lacks support
    - debian/usr/lib/sysctl.d/10-apparmor.conf: set sysctl value to 1 and
      update comment to match
    - debian/apparmor.service: run After systemd-sysctl.service

  [John Johansen]
  * Add additional AppArmor profiles to support third-party applications
    that use unprivileged user namespace
    - add d/p/u/oot-unconfined-profiles.patch
    - add profiles to debian/apparmor.install
       - /etc/apparmor.d/1password
       - /etc/apparmor.d/Discord
       - /etc/apparmor.d/MongoDB_Compass
       - /etc/apparmor.d/code
       - /etc/apparmor.d/firefox
       - /etc/apparmor.d/github-desktop
       - /etc/apparmor.d/obsidian
       - /etc/apparmor.d/opera
       - /etc/apparmor.d/polypane
       - /etc/apparmor.d/signal-desktop
       - /etc/apparmor.d/slack
       - /etc/apparmor.d/steam

  [Alex Murray]
  * Drop duplicate profiles for usr.share.code.bin.code and
  * usr.lib.multiarch.opera.opera since they are now also in
    d/p/u/oot-unconfined-profiles.patch
    - modified d/p/u/userns-unconfined-profiles.patch to remove them
    - removed from debian/apparmor.install
    - added to debian/apparmor.maintscript to ensure they are removed on
      upgrade

 -- John Johansen <email address hidden> Wed, 13 Dec 2023 20:38:45 -0800