#!/bin/bash

OS_RELEASE=`uname -r`
OS_CONFIG="/boot/config-${OS_RELEASE}"
UNPRIVILEGED_USERNS_CLONE_SWITCH="/proc/sys/kernel/unprivileged_userns_clone"

# Assume that the user name space feature is disabled
USER_NS=n
UNPRIVILEGED_USERNS_CLONE=1

# Check if the user name space feature is enabled in the kernel config
if [ -f $OS_CONFIG ]; then
        USER_NS=`cat $OS_CONFIG | sed -n 's/^CONFIG_USER_NS=//p'`
fi

# Check the state of the user name space feature switch
if [ -f $UNPRIVILEGED_USERNS_CLONE_SWITCH ]; then
        UNPRIVILEGED_USERNS_CLONE=`cat $UNPRIVILEGED_USERNS_CLONE_SWITCH`
fi

if [ $USER_NS == 'y' ] && [ $UNPRIVILEGED_USERNS_CLONE != 0 ]; then
        "${BASH_SOURCE%/*}"/$APP_NAME.bin "$@"
else
        echo "ATTENTION: Sandboxing of this app has been disabled since the user namespace feature of your OS is disabled."
        echo "Please enable user namespaces or use the deb package."
        "${BASH_SOURCE%/*}"/$APP_NAME.bin "$@" --no-sandbox
fi