Should third-party executables that use user namespaces be owned by root?

I’m working on a program that uses user namespaces. The program will be installable as a binary from GitHub releases or built and installed from source.

Obviously, on Ubuntu, the program requires an AppArmor profile to allow the use of user namespaces.

I wonder if documentation for such a program should recommend that Ubuntu users install the program to /usr/local/bin, so the executable is owned and writable by root only, something like:

sudo install -m 755 foobar /usr/local/bin/

Or is it fine to recommend installation in the user home dir, as is commonly done for third-party programs that do not require user namespaces:

install -m 755 foobar ~/.local/bin/

In the second case, if the user account is compromised, the attacker is easily able to get access to user namespaces by replacing the .local/bin/foobar binary. On the other hand, on single user desktop systems, if the user account is compromised, the whole system can be assumed to be compromised, so the ability of the attacker to bypass AppArmor restrictions does not seem substantial.

Is there a recommended practice for programs like mine? Would you consider an AppArmor profile that grants user namespace access to an executable not owned by root something that weakens the security of the system and should be avoided?
