From 8d884a6cdf279488878b231afad3d8504dbe68a6 Mon Sep 17 00:00:00 2001
From: jason yang
Date: Wed, 17 Jul 2024 00:10:12 +0000
Subject: [PATCH] init

Signed-off-by: jason yang
---
 CHANGELOG.md | 1 +
 dist/debian/apparmor-placeholder | 5 +++--
 dist/debian/apparmor-userns | 3 ++-
 dist/debian/rules | 3 ++-
 scripts/ci-deb-build-test | 2 ++
 5 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 037755327..8a027a18d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,6 +14,7 @@ For older changes see the [archived Singularity change log](https://github.com/a
 - Fix sif-embedded overlay partitions for containers that are larger than 2 gigabytes.
+- Fix apparmor broken issue.
 ## v1.3.3 - \[2024-07-03\]
diff --git a/dist/debian/apparmor-placeholder b/dist/debian/apparmor-placeholder
index 7c82ffcc2..08fd98804 100644
--- a/dist/debian/apparmor-placeholder
+++ b/dist/debian/apparmor-placeholder
@@ -1,8 +1,9 @@
 # Permit unprivileged user namespace creation for apptainer starter, placeholder
-abi ,
+# Uses AppArmor 3 ABI on Ubuntu <23.10
+abi ,
 include
-profile apptainer /usr/lib/@{multiarch}/apptainer/bin/starter{,-suid} flags=(unconfined) {
+profile apptainer /usr/libexec/apptainer/bin/starter{,-suid} flags=(unconfined) {
 # Site-specific additions and overrides. See local/README for details.
 include if exists
 }
diff --git a/dist/debian/apparmor-userns b/dist/debian/apparmor-userns
index f6d0859e1..d3acf9867 100644
--- a/dist/debian/apparmor-userns
+++ b/dist/debian/apparmor-userns
@@ -1,8 +1,9 @@
 # Permit unprivileged user namespace creation for apptainer starter
+# Uses AppArmor 4 ABI on Ubuntu >=23.10
 abi ,
 include
-profile apptainer /usr/lib/@{multiarch}/apptainer/bin/starter{,-suid} flags=(unconfined) {
+profile apptainer /usr/libexec/apptainer/bin/starter{,-suid} flags=(unconfined) {
 userns,
 # Site-specific additions and overrides. See local/README for details.
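Review bot: The new attachment path `/usr/libexec/apptainer/bin/starter{,-suid}` is hard-coded in the `dist/debian/apparmor-placeholder` profile and again in the `dist/debian/apparmor-userns` hunk, with nothing recording why it replaced the `@{multiarch}` path. AppArmor attaches a profile by executable path, so if the package ever installs starter somewhere else the profile silently stops applying and the `userns,` rule in the second file has no effect. I would add a comment above both `profile` lines, for example `# Attachment path must match the libexec directory the .deb installs starter into (see dist/debian/rules)`. The body of the userns profile continues past the end of its hunk.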
diff --git a/dist/debian/rules b/dist/debian/rules
index 28e43d6a1..d565bb5e3 100755
--- a/dist/debian/rules
+++ b/dist/debian/rules
@@ -5,6 +5,7 @@ pkgver = $(shell LC_ALL=C dpkg-parsechangelog --show-field Version )
 OS_MAJOR := $(shell grep ^VERSION_ID /etc/os-release | cut -d'=' -f2 | sed 's/\"//gI' | cut -d'.' -f1)
 OS_NAME := $(shell grep ^NAME /etc/os-release | cut -d '=' -f2 | sed 's/\"//gI')
+OS_VERSION := $(shell grep ^VERSION_ID /etc/os-release | cut -d'=' -f2 | sed 's/\"//gI')
 # Needed by debchange to set Name and EMAIL in changelog
 # DEBFULLNAME is filtered out by debuild
@@ -97,7 +98,7 @@ override_dh_auto_install:
 @dh_auto_install -Smakefile -D$(DEB_SC_BUILDDIR)
 @./scripts/install-dependencies $(pkgdir)/usr/libexec
 # Apparmor userns profile needed on Ubuntu 24.04, or unconfined placeholder for older versions.
- if [ $(OS_MAJOR) -gt 23 ] && [[ $(OS_NAME) = "Ubuntu" ]]; then \
+ if ( [ $(OS_MAJOR) -gt 23 ] || [[ $(OS_VERSION) = "23.10" ]] ) && [[ $(OS_NAME) = "Ubuntu" ]]; then \
 echo "Ubuntu 24.04 or newer - installing apparmor userns profile"; \
 install -D -m 644 dist/debian/apparmor-userns $(pkgdir)/etc/apparmor.d/apptainer; \
 else \
diff --git a/scripts/ci-deb-build-test b/scripts/ci-deb-build-test
index c4e790daa..96c043b59 100755
--- a/scripts/ci-deb-build-test
+++ b/scripts/ci-deb-build-test
@@ -83,4 +83,6 @@ su testuser -c '
 sudo dpkg -i ../apptainer*.deb
 apptainer exec oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true
+ apptainer exec --usrns oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true
+ apptainer exec --fakeroot oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true
 '
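Review bot: `OS_VERSION` repeats the `grep ^VERSION_ID … | cut | sed` pipeline that `OS_MAJOR` already runs, so /etc/os-release is parsed twice and the two copies have to be kept in sync. Defining `OS_VERSION` first and deriving the major from it, e.g. `OS_MAJOR := $(firstword $(subst ., ,$(OS_VERSION)))`, would leave a single parser. VERSION_ID is an optional field in os-release, so I would also add a one-line comment such as `# OS_VERSION and OS_MAJOR are empty on hosts whose os-release omits VERSION_ID`.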
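Review bot: The added `[[ $(OS_VERSION) = "23.10" ]]` clause, like the `$(OS_MAJOR)` and `$(OS_NAME)` tests beside it, is expanded by make before the shell parses the line, so an empty or multi-word value changes the syntax of the test instead of just making it false. Since this branch decides which AppArmor profile the package ships, I would quote all three expansions: `if { [ "$(OS_MAJOR)" -gt 23 ] || [ "$(OS_VERSION)" = "23.10" ]; } && [ "$(OS_NAME)" = "Ubuntu" ]; then \`. Using `[` throughout also removes the dependence on bash, in case SHELL is not set to bash elsewhere in the file. The comment and the echo still say "Ubuntu 24.04" although 23.10 now takes this branch; `echo "Ubuntu 23.10 or newer - installing apparmor userns profile"; \` would match the condition. The if/else continues past the end of the hunk.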
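Review bot: `--usrns` on the first added line looks like a typo for `--userns`, so that command would be rejected as an unknown flag instead of exercising the unprivileged user-namespace path that this patch's AppArmor profile is meant to permit. The line should read `apptainer exec --userns oras://ghcr.io/apptainer/alpine:3.15.0 /bin/true`. Only the tail of the `su testuser -c '…'` block is visible in the hunk, so whether a failing command aborts the script cannot be confirmed from here.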