# Permit unprivileged user namespace creation for apptainer starter
abi <abi/4.0>,
include <tunables/global>

profile apptainer /usr/libexec/apptainer/bin/starter{,-suid} flags=(unconfined) {
  userns,

  # Site-specific additions and overrides. See local/README for details.
  include if exists <local/apptainer>
}

