My question is not regarding the advantages/disadvantages of the new apparmor namespace restrictions of Ubuntu 24.04 lts.
I wanted to know if disabling the restrictions will make the system any more "unsafe" than what 22.04 lts is.
For example, for installing Docker Desktop, I got to know that doing this (in sysctl) will toggle it off.
kernel.apparmor_restrict_unprivileged_userns = 0I checked that its value is by default 0 on 22.04.
But I am not sure if this is the only relevant thing that has been changed in 24.04 and undoing it may cause some exploit that was being checked through other means on 22.04 or if this is the right way of disabling this.
All in all, I am thinking to keep this whole feature/restriction same as the previous lts.
The question is beyond Docker as it is being anticipated that support of apparmor profiles in a large number of apps may take a long time.
I would appreciate any opinions of all this. The whole thing came as a surprise as I had a pleasent experience with .04.1 release previously. More context here and the comment above it.