Add note about AppArmor restricting unprivileged namespaces in Ubuntu 24.04 to README

[BolunThompson]

Commit 18a365c addressed this in CI, but it took a couple minutes to find the (arguably insecure) fix myself, so it would be convenient to mention this in the docs. Here’s the original bug report I wrote on this:

Starting in Ubuntu 23.10, AppArmor prevents unprivileged applications without a profile from creating namespaces.

This causes ./configure to fail with “try needs unshare to work, but could not run unshare.”

The easy solution is to run sudo sysctl kernel.apparmor_restrict_unprivileged_userns=0 to disable the apparmor restriction. Another solution would be to provide a PPA or a .deb installable that sets up the apparmor profile.

[ezrizhu]

thanks, we should document this better.

i can we can do both or either

• add a blob of text about this on the readme
• add a blob of text on ./configure fail of unshare

cc @mgree
related: #129 #104

[mgree]

My prioritization:

1. Detect the issue at runtime and issue a warning.
2. Detect the issue at configure time and issue a warning.
3. Create a .deb with an AppArmor profile for try.
4. Do the comparable thing to (3) for SELinux?