bug#45069: BUG: Re: guix environment: error: cannot create container: un
From: yasu
Subject: bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces
Date: Mon, 07 Dec 2020 05:51:05 +0900
User-agent: Evolution 3.34.2
Hi Zimoun,
I tried as you suggested but it didn't work...
root@guix ~# echo "kernel.unprivileged_userns_clone = 1" > /etc/sysctl.d/local.conf
-bash: /etc/sysctl.d/local.conf: No such file or directory
root@guix ~# sysctl --system
root@guix ~# logout
~$ guix environment -C
guix environment: error: cannot create container: unprivileged user cannot create user namespaces
guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"
Now, if this posting were to be believed, I think this term
kernel.unprivileged_userns_clone
is specific to Debian Linux, and does not exist outside of that circle.
It disables a bit of "hardening" that Debian patches into their
distribution kernel. If you're not running such a kernel, it will fail
and not do anything, as such a setting doesn't even exist in the
mainline Linux kernel.
I wonder how this term came into Guix in the first place?
-Yasu
On Sun, 2020-12-06 at 17:56 +0100, zimoun wrote:
> Hi,
>
> Please try the recommendation. Have you tried it?
>
> please set /proc/sys/kernel/unprivileged_userns_clone to "1"
>
> As root, you just do:
>
> echo 1 > /proc/sys/kernel/unprivileged_userns_clone
>
> then “guix environment -C” should work as expected. To do the trick
> automatically with Shepherd, I do not know, but I am sure that the
> systemd equivalent
>
> echo "kernel.unprivileged_userns_clone = 1" > /etc/sysctl.d/local.conf
> sysctl --system
>
> seems doable with Guix System.
>
>
> On my system, and I need explanations if it does not work similarly on
> yours, I simply do:
>
> --8<---------------cut here---------------start------------->8---
> $ guix environment -C --ad-hoc hello -- hello
> guix environment: error: cannot create container: unprivileged user cannot create user namespaces
> guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"
>
> $ su -
> Password:
> # echo 1 > /proc/sys/kernel/unprivileged_userns_clone
> # logout
>
> $ guix environment -C --ad-hoc hello -- hello
> Hello, world!
> --8<---------------cut here---------------end--------------->8---
>
> Hope that helps,
> simon
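
Added example, not part of the thread and not Guix code: a shell check that reads the knob named in the error message together with user.max_user_namespaces, the mainline kernel's limit on user namespaces, and reports which of the two, if either, blocks unprivileged user namespaces. The make_tree helper, its directory layout and the sample values are constructed so the check can also run against a fake /proc/sys.

```sh
#!/bin/sh
# Added example: report which user-namespace sysctls a kernel exposes
# and whether one of them forbids unprivileged user namespaces.

read_knob() {
    # Print the knob's value, or "absent" when the kernel does not expose it.
    if [ -r "$1" ]; then
        tr -d '[:space:]' < "$1"
    else
        printf 'absent'
    fi
}

userns_status() {
    # $1: root of the sysctl tree (defaults to the live /proc/sys).
    root="${1:-/proc/sys}"
    clone=$(read_knob "$root/kernel/unprivileged_userns_clone")
    max=$(read_knob "$root/user/max_user_namespaces")
    if [ "$clone" = 0 ]; then
        verdict="blocked: unprivileged_userns_clone is 0"
    elif [ "$max" = 0 ]; then
        verdict="blocked: max_user_namespaces is 0"
    elif [ "$clone" = absent ] && [ "$max" = absent ]; then
        verdict="unknown: no user-namespace knob exposed"
    else
        verdict="allowed by sysctl"
    fi
    printf 'unprivileged_userns_clone=%s max_user_namespaces=%s -> %s\n' \
        "$clone" "$max" "$verdict"
}

make_tree() {
    # Constructed sample input: make_tree DIR CLONE MAX ("-" omits the file).
    mkdir -p "$1/kernel" "$1/user"
    [ "$2" = - ] || echo "$2" > "$1/kernel/unprivileged_userns_clone"
    [ "$3" = - ] || echo "$3" > "$1/user/max_user_namespaces"
}

tmp=$(mktemp -d)
make_tree "$tmp/patched" 0 31200    # kernel carrying the patched knob, set to 0
make_tree "$tmp/mainline" - 31200   # kernel without the patched knob
userns_status "$tmp/patched"
userns_status "$tmp/mainline"
userns_status                       # the running system
rm -rf "$tmp"
```

An "allowed by sysctl" verdict only covers these two knobs; other restrictions on the system are outside what the script inspects.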