From 1e6dffb54b119cf51c437fda83d1032afb2015f0 Mon Sep 17 00:00:00 2001 From: jason yang Date: Wed, 17 Jul 2024 00:29:06 +0000 Subject: [PATCH] init Signed-off-by: jason yang --- .github/workflows/ci.yml | 16 ++++++++++++++++ CHANGELOG.md | 1 + dist/debian/apparmor-placeholder | 5 +++-- dist/debian/apparmor-userns | 3 ++- dist/debian/rules | 3 ++- scripts/ci-deb-build-test | 2 ++ 6 files changed, 26 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7a3cb94cd..35be0b434 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -144,6 +144,22 @@ jobs: OS_VERSION: 24.04 GO_ARCH: linux-amd64 run: ./scripts/ci-docker-run + + ubuntu-2310: + name: debbuild-ubuntu23 + runs-on: ubuntu-23.10 + steps: + - uses: actions/checkout@v2 + # fetch tags as checkout@v2 doesn't do that by default + - run: git fetch --prune --unshallow --tags --force + + - name: Build and test deb under docker + env: + OS_TYPE: ubuntu + OS_VERSION: 23.10 + GO_ARCH: linux-amd64 + run: ./scripts/ci-docker-run + rpmbuild-rocky8: runs-on: ubuntu-22.04 diff --git a/CHANGELOG.md b/CHANGELOG.md index 037755327..8a027a18d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -14,6 +14,7 @@ For older changes see the [archived Singularity change log](https://github.com/a - Fix sif-embedded overlay partitions for containers that are larger than 2 gigabytes. +- Fix apparmor broken issue. ## v1.3.3 - \[2024-07-03\] diff --git a/dist/debian/apparmor-placeholder b/dist/debian/apparmor-placeholder index 7c82ffcc2..08fd98804 100644 --- a/dist/debian/apparmor-placeholder +++ b/dist/debian/apparmor-placeholder 
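Review bot: In `.github/workflows/ci.yml`, the new `ubuntu-2310` job sets `runs-on: ubuntu-23.10`, which to my knowledge is not a label that GitHub-hosted runners provide, so unless a self-hosted runner carries that label the job would wait for a runner and never execute. The build itself appears to run in a container selected by `OS_TYPE`/`OS_VERSION` through `./scripts/ci-docker-run`, so the host label does not need to match the target release; `runs-on: ubuntu-22.04`, as used by `rpmbuild-rocky8`, would do. Separately, `uses: actions/checkout@v2` refers to a mutable tag; pinning to a full commit SHA (`uses: actions/checkout@<commit-sha>`) keeps the workflow from picking up a retargeted tag.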
@@ -1,8 +1,9 @@ # Permit unprivileged user namespace creation for apptainer starter, placeholder -abi , +# Uses AppArmor 3 ABI on Ubuntu <23.10 +abi , include -profile apptainer /usr/lib/@{multiarch}/apptainer/bin/starter{,-suid} flags=(unconfined) { +profile apptainer /usr/libexec/apptainer/bin/starter{,-suid} flags=(unconfined) { # Site-specific additions and overrides. See local/README for details. include if exists } diff --git a/dist/debian/apparmor-userns b/dist/debian/apparmor-userns index f6d0859e1..d3acf9867 100644 --- a/dist/debian/apparmor-userns +++ b/dist/debian/apparmor-userns @@ -1,8 +1,9 @@ # Permit unprivileged user namespace creation for apptainer starter +# Uses AppArmor 4 ABI on Ubuntu >=23.10 abi , include -profile apptainer /usr/lib/@{multiarch}/apptainer/bin/starter{,-suid} flags=(unconfined) { +profile apptainer /usr/libexec/apptainer/bin/starter{,-suid} flags=(unconfined) { userns, # Site-specific additions and overrides. See local/README for details. diff --git a/dist/debian/rules b/dist/debian/rules index 28e43d6a1..b6252fbee 100755 --- a/dist/debian/rules +++ b/dist/debian/rules @@ -5,6 +5,7 @@ pkgver = $(shell LC_ALL=C dpkg-parsechangelog --show-field Version ) OS_MAJOR := $(shell grep ^VERSION_ID /etc/os-release | cut -d'=' -f2 | sed 's/\"//gI' | cut -d'.' -f1) OS_NAME := $(shell grep ^NAME /etc/os-release | cut -d '=' -f2 | sed 's/\"//gI') +OS_VERSION := $(shell grep ^VERSION_ID /etc/os-release | cut -d'=' -f2 | sed 's/\"//gI') # Needed by debchange to set Name and EMAIL in changelog # DEBFULLNAME is filtered out by debuild 
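Review bot: In `dist/debian/apparmor-placeholder` (and the matching hunk in `dist/debian/apparmor-userns`), the profile now attaches only to the literal path `/usr/libexec/apptainer/bin/starter{,-suid}`, and nothing in the profile says that this has to track the package's install location. AppArmor attaches profiles by path, so if the packaged starter ends up elsewhere the profile silently stops applying, which on releases that restrict unprivileged user namespaces would show up as user namespace creation being denied rather than as a build error. I would add a comment above the `profile` line in both files, e.g. `# Attachment path must match where the package installs starter; keep in sync with dist/debian/rules`. The new comment `# Uses AppArmor 3 ABI on Ubuntu <23.10` could also mention that the `else` branch in `dist/debian/rules` appears to install this placeholder on non-Ubuntu systems too.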
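Review bot: In `dist/debian/rules`, the new `OS_VERSION` assignment repeats the `grep | cut | sed` pipeline of `OS_MAJOR` minus the final `cut`, so the two definitions can drift apart. Defining `OS_VERSION` first and deriving the major from it, `OS_MAJOR := $(firstword $(subst ., ,$(OS_VERSION)))`, reads /etc/os-release once for both. `VERSION_ID` is an optional field in os-release, so `OS_VERSION` can expand to nothing; a comment such as `# empty when /etc/os-release has no VERSION_ID` would warn whoever uses it in a shell test.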
@@ -97,7 +98,7 @@ override_dh_auto_install: @dh_auto_install -Smakefile -D$(DEB_SC_BUILDDIR) @./scripts/install-dependencies $(pkgdir)/usr/libexec # Apparmor userns profile needed on Ubuntu 24.04, or unconfined placeholder for older versions. - if [ $(OS_MAJOR) -gt 23 ] && [[ $(OS_NAME) = "Ubuntu" ]]; then \ + if ( [ $(OS_MAJOR) -gt 23 ] || [[ $(OS_VERSION) = "23.10" ]]) && [[ $(OS_NAME) = "Ubuntu" ]]; then \ echo "Ubuntu 24.04 or newer - installing apparmor userns profile"; \ install -D -m 644 dist/debian/apparmor-userns $(pkgdir)/etc/apparmor.d/apptainer; \ else \ diff --git a/scripts/ci-deb-build-test b/scripts/ci-deb-build-test index c4e790daa..2a1aa3c84 100755 --- a/scripts/ci-deb-build-test +++ b/scripts/ci-deb-build-test @@ -83,4 +83,6 @@ su testuser -c ' sudo dpkg -i ../apptainer*.deb apptainer exec oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true + apptainer exec --userns oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true + apptainer exec --fakeroot oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true '
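Review bot: In the `override_dh_auto_install` recipe of `dist/debian/rules`, the rewritten condition adds a second `[[ … ]]` test, and `[[` is a bash construct: make runs recipes with `/bin/sh` unless `SHELL` is set, and on Debian and Ubuntu that is dash, where `[[` is not found and the test is simply false. I cannot see a `SHELL` assignment from this hunk; if there is none, the `23.10` check never matches and the `&& [[ $(OS_NAME) = "Ubuntu" ]]` part fails too, so the placeholder profile is installed instead of the userns one. A POSIX form with quoted expansions avoids that and also survives an empty or multi-word value: `if [ "$(OS_NAME)" = "Ubuntu" ] && { [ "$(OS_MAJOR)" -gt 23 ] || [ "$(OS_VERSION)" = "23.10" ]; }; then \`. The comment and the `echo` below still say "Ubuntu 24.04" although the branch now covers 23.10 as well; `echo "Ubuntu 23.10 or newer - installing apparmor userns profile"; \` would match. The recipe continues past the end of the hunk.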
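Review bot: In `scripts/ci-deb-build-test`, the two added `apptainer exec` lines sit inside the single-quoted script passed to `su testuser -c`, and whether a failure of the `--userns` run fails the job depends on that script running with `set -e`; the script starts above this hunk and is not visible here. Without it, `su` returns the status of the last command only, so a denied user namespace in the `--userns` line would be masked by a passing `--fakeroot` line. If `set -e` is not already in effect there, chaining the checks keeps each one fatal: `apptainer exec --userns oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true &&`. A short comment such as `# exercises the AppArmor userns profile installed by the package` above the new lines would record why they are there.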