[Test] In test_pyxis, when run on Ubuntu24.04, disable kernel setting 'apparmor_restrict_unprivileged_userns' to prevent permission denied errors blocking Enroot execution.

gmarciani · gmarciani · commit 5c5ad981569a · 2025-03-20T19:31:48.000-04:00
This is required only on Ubuntu24.04 as the restriction was introduced in Ubuntu23. See https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
diff --git a/tests/integration-tests/tests/pyxis/test_pyxis/test_pyxis/compute_node_start.sh b/tests/integration-tests/tests/pyxis/test_pyxis/test_pyxis/compute_node_start.sh
@@ -22,3 +22,12 @@ PYXIS_RUNTIME_DIR="/run/pyxis"
 
 sudo mkdir -p $PYXIS_RUNTIME_DIR
 sudo chmod 1777 $PYXIS_RUNTIME_DIR
+
+# In Ubuntu24.04 Apparmor blocks the creation of unprivileged user namespaces,
+# which is required by Enroot. So to run Enroot, it is required to disable this restriction.
+# See https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces
+source /etc/os-release
+if [ "${ID}${VERSION_ID}" == "ubuntu24.04" ]; then
+    echo "kernel.apparmor_restrict_unprivileged_userns = 0" | sudo tee /etc/sysctl.d/99-pcluster-disable-apparmor-restrict-unprivileged-userns.conf
+    sudo sysctl --system
+fi
