# This profile allows everything and only exists to give the
# temporary browser profile we create for Electron/Chromium sandbox
# the ability to use user namespaces (unprivileged user namespaces are
# restricted by default in Ubuntu 24.04+).
# Ref: https://github.com/nicholasbishop/nicholasbishop.github.io/blob/main/_posts/2024-11-10-apparmor-for-unprivileged-user-namespaces.md

abi <abi/4.0>,
include <tunables/global>

profile trae /usr/share/trae/trae flags=(unconfined) {
  userns,

  include if exists <local/trae>
}
