From 02ab8dfc4f804375266dd8313e6e507a7e36a26b Mon Sep 17 00:00:00 2001 From: Daan De Meyer Date: Wed, 18 Mar 2026 12:24:34 +0100 Subject: [PATCH] ci: Enable unpriv user namespaces for claude-review Required for bubblewrap to work properly. --- .github/workflows/claude-review.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/claude-review.yml b/.github/workflows/claude-review.yml index 168e658e8a3..926f28dd356 100644 --- a/.github/workflows/claude-review.yml +++ b/.github/workflows/claude-review.yml @@ -163,7 +163,9 @@ jobs: name: pr-context.json - name: Install sandbox dependencies - run: sudo apt-get update && sudo apt-get install -y bubblewrap socat + run: | + sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 + sudo apt-get update && sudo apt-get install -y bubblewrap socat - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7