From 7f61a25b63225521d6b9882efeb1471e89c476df Mon Sep 17 00:00:00 2001
From: Dom Del Nano <ddelnano@gmail.com>
Date: Fri, 6 Sep 2024 21:00:24 +0000
Subject: [PATCH] Revert "Another attempt to remediate user namespace issues
 with ubuntu24 runners (#2010)"

This reverts commit 5dc122a5fcefd57605a49fe3a841ded9f8892203.

Signed-off-by: Dom Del Nano <ddelnano@gmail.com>
---
 .github/workflows/cli_release.yaml | 1 -
 ci/cli_build_release.sh            | 5 +++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/cli_release.yaml b/.github/workflows/cli_release.yaml
index e81f2e895f8..aaa3bc935f6 100644
--- a/.github/workflows/cli_release.yaml
+++ b/.github/workflows/cli_release.yaml
@@ -59,7 +59,6 @@ jobs:
         export TAG_NAME="${REF#*/tags/}"
         mkdir -p "artifacts/"
         export ARTIFACTS_DIR="$(realpath artifacts/)"
-        sysctl -w kernel.unprivileged_userns_clone=1
         ./ci/save_version_info.sh
         ./ci/cli_build_release.sh
     - name: Upload Github Artifacts
diff --git a/ci/cli_build_release.sh b/ci/cli_build_release.sh
index e19660eda8d..3fe43d7ed0a 100755
--- a/ci/cli_build_release.sh
+++ b/ci/cli_build_release.sh
@@ -53,7 +53,11 @@ bazel run -c opt --config=stamp //src/pixie_cli:push_px_image
 
 if [[ ! "$release_tag" == *"-"* ]]; then
   # Create rpm package.
+
+  # podman package depends on golang-github-containers-common, which
+  # provides the following seccomp profile.
   podman run -i --rm \
+    --security-opt seccomp=/usr/share/containers/seccomp.json \
     -v "${binary_dir}:/src/" \
     -v "$(pwd):/image" \
     docker.io/cdrx/fpm-fedora:24 \
@@ -69,6 +73,7 @@ if [[ ! "$release_tag" == *"-"* ]]; then
 
   # Create deb package.
   podman run -i --rm \
+    --security-opt seccomp=/usr/share/containers/seccomp.json \
     -v "${binary_dir}:/src/" \
     -v "$(pwd):/image" \
     docker.io/cdrx/fpm-ubuntu:18.04 \