GNU bug report logs - #45069
BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces


Package: guix;

Reported by: yasu <yasu <at> yasuaki.com>

Date: Sun, 6 Dec 2020 12:42:02 UTC

Severity: normal

Merged with 45066

Done: Marius Bakke <marius <at> gnu.org>

Bug is archived. No further changes may be made.



Message #22 received at 45069 <at> debbugs.gnu.org (full text, mbox):

From: Jesse Dowell <jesse.dowell <at> gmail.com>
To: zimoun <zimon.toutoune <at> gmail.com>
Cc: yasu <at> yasuaki.com, Guix Devel <guix-devel <at> gnu.org>,
 pjotr.public12 <at> thebird.nl, 45069 <at> debbugs.gnu.org,
 pgarlick <at> tourbillion-technology.com
Subject: Re: bug#45069: BUG: Re: guix environment: error: cannot create
 container: unprivileged user cannot create user namespaces
Date: Sun, 6 Dec 2020 15:54:52 -0500
Hi All,

I believe the recommended suggestion is Debian-specific, is it not?

My kernel supports user namespaces and doesn't expose that file at that
location.

The only way I can work around the issue is to downgrade guix to the commit
on the master branch right before 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e:

guix pull --commit=0d5d1bdf911659f60601058e8e1678187b7ba664 --allow-downgrades

Best,
Jesse

On Sun, Dec 6, 2020 at 12:03 PM zimoun <zimon.toutoune <at> gmail.com> wrote:

> Hi,
>
> Please try the recommendation. Have you tried it?
>
>   please set /proc/sys/kernel/unprivileged_userns_clone to "1"
>
> As root, you just do:
>
>   echo 1 > /proc/sys/kernel/unprivileged_userns_clone
>
> then “guix environment -C” should work as expected.  To do the trick
> automatically with Shepherd, I do not know, but I am sure that the
> systemd equivalent
>
>   echo "kernel.unprivileged_userns_clone = 1" > /etc/sysctl.d/local.conf
>   sysctl --system
>
> seems doable with Guix System.
>
>
> On my system, and I need explanations if it does not work similarly on
> yours, I simply do:
>
> --8<---------------cut here---------------start------------->8---
> $ guix environment -C --ad-hoc hello -- hello
> guix environment: error: cannot create container: unprivileged user cannot create user namespaces
> guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"
>
> $ su -
> Password:
> # echo 1 > /proc/sys/kernel/unprivileged_userns_clone
> # logout
>
> $ guix environment -C --ad-hoc hello -- hello
> Hello, world!
> --8<---------------cut here---------------end--------------->8---
>
> Hope that helps,
> simon
>
>
>
>
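The point raised in this message is that /proc/sys/kernel/unprivileged_userns_clone exists only on kernels carrying the Debian patch, so its absence says nothing about whether user namespaces work. As an added example (not part of the thread and not Guix's own code), the shell function below classifies a host by reading that knob only when it exists and otherwise the upstream /proc/sys/user/max_user_namespaces limit; the function name, its optional root argument and the status words are made up for illustration.

```shell
#!/bin/sh
# Added example: classify unprivileged user-namespace support from sysctls.
# userns_status and its status words are illustrative names.
# Usage: userns_status [PROC_ROOT]   (PROC_ROOT defaults to /proc; the
# parameter lets the logic run against a constructed directory tree)
userns_status() {
    root="${1:-/proc}"
    # Present only on kernels carrying the Debian patch.
    clone="$root/sys/kernel/unprivileged_userns_clone"
    # Upstream per-user-namespace limit, Linux 4.9 and later.
    max="$root/sys/user/max_user_namespaces"

    # The Debian knob decides the outcome only when it exists and is 0.
    if [ -r "$clone" ] && [ "$(cat "$clone")" = "0" ]; then
        echo "disabled-clone"
        return 1
    fi
    # A limit of 0 means no user namespace can be created.
    if [ -r "$max" ]; then
        if [ "$(cat "$max")" = "0" ]; then
            echo "disabled-max"
            return 1
        fi
        echo "enabled"
        return 0
    fi
    # Knob present and non-zero, but no upstream limit file (older kernel).
    if [ -r "$clone" ]; then
        echo "enabled"
        return 0
    fi
    # Neither file: sysctls cannot answer; the kernel may lack CONFIG_USER_NS.
    echo "unknown"
    return 2
}

# Report for the running host; "|| true" keeps a non-zero status from
# aborting callers that use "set -e".
userns_status || true
```

When the result is "unknown", running `unshare --user true` from util-linux as the unprivileged user is a direct probe of whether a user namespace can actually be created.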

This bug report was last modified 4 years and 136 days ago.
