To sum it up, there's a chance that in Ubuntu 23.10+ and distributions based on them, the Chromium Sandbox might need to be disabled (or at least the userns portion of it) in the same manner it currently is on Debian in the installation script. Because these changes haven't landed yet it's difficult to test in advance, but one to keep an eye on.
Ubuntu 23.10 has landed today and the feature of concern isn't turned on by default. However the latest discussion I can find would imply it still will be enabled by default as an update to 23.10 after a few weeks to gather feedback.
It can be enabled temporarily with echo 1 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns, and disabled by either using echo 0 instead or rebooting, as the above command only lasts for one boot.
Unfortunately I can't get access to a machine to test on myself.
I think that the easiest fix for this will be making the change here:
An alternative would be creating an AppArmor profile for Joplin. However, this would (if I understand it correctly) cause the installer to need root privileges to install the profile...
In addition to needing sudo to create the AppArmor profile, you'd also need to be placing the binary in a predictable location. This location shouldn't be user-writable, or it defeats the purpose of the protection, as the user could just swap the executable.
I don't think Joplin (or any Electron package that's distributed "raw") would be able to get out of needing a proper .deb package, or using --no-sandbox.
Mind, you might be able to bypass the issue by running Joplin with sudo, since then the namespace doesn't count as unprivileged; but then you're trusting that the sandbox is properly dropping the permissions it has. It should do, and Electron should refuse to run as root unless it's capable of dropping those permissions, but still feels in poor taste to me.
In theory then you could also add the SUID bit to the AppImage via the script allowing it to run as root without prompting, but again, you'd then not want this to be user-writable, or you're giving root to anything capable of changing the contents of the file.
Edit: Alternatively, maybe adding CAP_SYS_ADMIN to the AppImage would be sufficient.
Ubuntu 22.04 won't offer an upgrade to 24.04 until July (alongside 24.04.1), but there could possibly be a rise in bug reports relating to this from people who have done the upgrade from a previous version of Ubuntu but haven't re-run the installation script since.