[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#45069: Guix System: unprivileged user cannot create user namespaces?
From: |
Vagrant Cascadian |
Subject: |
bug#45069: Guix System: unprivileged user cannot create user namespaces? |
Date: |
Mon, 07 Dec 2020 09:55:31 -0800 |
On 2020-12-07, zimoun wrote:
> On Mon, 07 Dec 2020 at 18:13, Pierre Neidhardt <mail@ambrevar.xyz> wrote:
>
>>> Can you try, as root on Guix System:
>>>
>>> $ echo 1 > /proc/sys/kernel/unprivileged_userns_clone
>>
>> # echo 1 > /proc/sys/kernel/unprivileged_userns_clone
>> -bash: /proc/sys/kernel/unprivileged_userns_clone: No such file or directory
>
> In gnu/build/linux-container.scm, it reads:
>
> --8<---------------cut here---------------start------------->8---
> (define (unprivileged-user-namespace-supported?)
> "Return #t if user namespaces can be created by unprivileged users."
> (let ((userns-file "/proc/sys/kernel/unprivileged_userns_clone"))
> (if (file-exists? userns-file)
> (eqv? #\1 (call-with-input-file userns-file read-char))
> #t)))
> --8<---------------cut here---------------end--------------->8---
>
> Does it mean that the Linux kernel on Guix System does not support
> namespaces by unprivileged users?
> Turning #t to #f should work on Guix System and it appears to me a
> severe bug if not. What do I miss? Please could someone fill my gap? :-)
The /proc/sys/kernel_unprivileged_userns_clone file is specific to
Debian and Ubuntu packaged linux kernel; it is a patchset not applied
upstream, as far as I am aware. I'm not sure if other distros support
disabling and enabling this feature using this mechanism.
https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/patches/debian/add-sysctl-to-disallow-unprivileged-CLONE_NEWUSER-by-default.patch
live well,
vagrant
signature.asc
Description: PGP signature
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, yasu, 2020/12/06
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, Tobias Geerinckx-Rice, 2020/12/06
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, zimoun, 2020/12/06
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, yasu, 2020/12/06
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, Jesse Dowell, 2020/12/06
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, Pierre Neidhardt, 2020/12/07
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, Paul Garlick, 2020/12/07
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, Yasuaki Kudo, 2020/12/07
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, Pierre Neidhardt, 2020/12/07
- bug#45069: Guix System: unprivileged user cannot create user namespaces?, zimoun, 2020/12/07
- bug#45069: Guix System: unprivileged user cannot create user namespaces?,
Vagrant Cascadian <=
- bug#45069: Guix System: unprivileged user cannot create user namespaces?, zimoun, 2020/12/07
- bug#45069: Guix System: unprivileged user cannot create user namespaces?, Bengt Richter, 2020/12/07
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, Paul Garlick, 2020/12/07
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, Pierre Neidhardt, 2020/12/07
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, zimoun, 2020/12/07
- bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces, zimoun, 2020/12/07