GNU bug report logs - #45069
BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces

Previous Next

Full log

Message #43 received at 45069 <at> debbugs.gnu.org (full text, mbox):

From: zimoun <zimon.toutoune <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>, Marius Bakke
 <marius <at> gnu.org>
Cc: Guix Devel <guix-devel <at> gnu.org>, Pierre Neidhardt <mail <at> ambrevar.xyz>,
 45069 <at> debbugs.gnu.org, Paul Garlick <pgarlick <at> tourbillion-technology.com>,
 Jesse Dowell <jesse.dowell <at> gmail.com>
Subject: bug#45069: Guix System: unprivileged user cannot create user
 namespaces?
Date: Mon, 07 Dec 2020 18:35:28 +0100

Hi,

On Mon, 07 Dec 2020 at 18:13, Pierre Neidhardt <mail <at> ambrevar.xyz> wrote:

>> Can you try, as root on Guix System:
>>
>> $ echo 1 > /proc/sys/kernel/unprivileged_userns_clone
>
> # echo 1 > /proc/sys/kernel/unprivileged_userns_clone
> -bash: /proc/sys/kernel/unprivileged_userns_clone: No such file or directory

In gnu/build/linux-container.scm, it reads:

--8<---------------cut here---------------start------------->8---
(define (unprivileged-user-namespace-supported?)
  "Return #t if user namespaces can be created by unprivileged users."
  (let ((userns-file "/proc/sys/kernel/unprivileged_userns_clone"))
    (if (file-exists? userns-file)
        (eqv? #\1 (call-with-input-file userns-file read-char))
        #t)))
--8<---------------cut here---------------end--------------->8---

Does it mean that the Linux kernel on Guix System does not support
namespaces by unprivileged users?

Turning #t to #f should work on Guix System and it appears to me a
severe bug if not.  What do I miss?  Please could someone fill my gap? :-)


All the best,
simon

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.