This should output 1:
Code:
sysctl -n kernel.apparmor_restrict_unprivileged_userns
In your earlier command, `apparmor_parser -r /etc/apparmor.d/bwrap` only work until reboot.
Try to remove `/etc/apparmor.d/bwrap`:
Code:
sudo rm /etc/apparmor.d/bwrap
sudo systemctl reload apparmor.service
Try to run bwrap:
Code:
bwrap --dev-bind / / -- echo hello
If it's still blocked, you'll have to figure out what apparmor profile is blocking it.