* bug#64014: guix pack regression
@ 2023-06-12 12:59 André A. Gomes
2023-06-15 15:57 ` Ludovic Courtès
0 siblings, 1 reply; 6+ messages in thread
From: André A. Gomes @ 2023-06-12 12:59 UTC (permalink / raw)
To: 64014
Hello Guix,
I've produced a guix pack with the same command that I've always used
(which includes passing the -RR flag), but I now get the following
message:
--8<---------------cut here---------------start------------->8---
bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
--8<---------------cut here---------------end--------------->8---
Any ideas? Thanks.
Guix version:
--8<---------------cut here---------------start------------->8---
guix f36b8a9
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: f36b8a9763087d2b9d3705595fbc34b054297ab8
--8<---------------cut here---------------end--------------->8---
--
André A. Gomes
"You cannot even find the ruins..."
^ permalink raw reply [flat|nested] 6+ messages in thread* bug#64014: guix pack regression
2023-06-12 12:59 bug#64014: guix pack regression André A. Gomes
@ 2023-06-15 15:57 ` Ludovic Courtès
2023-06-15 16:10 ` André A. Gomes
0 siblings, 1 reply; 6+ messages in thread
From: Ludovic Courtès @ 2023-06-15 15:57 UTC (permalink / raw)
To: André A. Gomes; +Cc: 64014
Hi,
André A. Gomes <andremegafone@gmail.com> skribis:
> I've produced a guix pack with the same command that I've always used
> (which includes passing the -RR flag), but I now get the following
> message:
>
> bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
This message is apparently from bubblewrap, not from Guix.
I suppose you might get this is you do ‘guix pack -R bubblewrap’ and
then try to run ‘bwrap’ from that pack: the ‘bwrap’ executable already
runs in a separate user namespace and might be unable to create one (?).
HTH,
Ludo’.
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#64014: guix pack regression
2023-06-15 15:57 ` Ludovic Courtès
@ 2023-06-15 16:10 ` André A. Gomes
2023-06-17 14:08 ` Ludovic Courtès
0 siblings, 1 reply; 6+ messages in thread
From: André A. Gomes @ 2023-06-15 16:10 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 64014
Ludovic Courtès <ludo@gnu.org> writes:
> I suppose you might get this is you do ‘guix pack -R bubblewrap’ and
> then try to run ‘bwrap’ from that pack: the ‘bwrap’ executable already
> runs in a separate user namespace and might be unable to create one (?).
Hi Ludovic,
Thanks for the answer. You've helped me to figure it out. The guix
pack I've created has webkitgtk in it, which in turn uses bubblewrap.
However, I didn't have this issue in the past. It could be that
webkitgtk changed something in their logic perhaps. I'd have to look
deeper.
Another strategy would be to try to reproduce your recipe in an older
Guix version to see what happens (guix pack -R bubblewrap followed by
bwrap).
--
André A. Gomes
"You cannot even find the ruins..."
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#64014: guix pack regression
2023-06-15 16:10 ` André A. Gomes
@ 2023-06-17 14:08 ` Ludovic Courtès
2023-06-30 14:56 ` André A. Gomes
0 siblings, 1 reply; 6+ messages in thread
From: Ludovic Courtès @ 2023-06-17 14:08 UTC (permalink / raw)
To: André A. Gomes; +Cc: 64014
Hi,
André A. Gomes <andremegafone@gmail.com> skribis:
> Ludovic Courtès <ludo@gnu.org> writes:
>
>> I suppose you might get this is you do ‘guix pack -R bubblewrap’ and
>> then try to run ‘bwrap’ from that pack: the ‘bwrap’ executable already
>> runs in a separate user namespace and might be unable to create one (?).
[...]
> Another strategy would be to try to reproduce your recipe in an older
> Guix version to see what happens (guix pack -R bubblewrap followed by
> bwrap).
Yes, that’d be great. If you still have that older pack that didn’t
have the problem, you could also run it under ‘strace -f -o
/tmp/log.strace’ to see what happens before the failure.
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#64014: guix pack regression
2023-06-17 14:08 ` Ludovic Courtès
@ 2023-06-30 14:56 ` André A. Gomes
2023-07-10 21:30 ` Ludovic Courtès
0 siblings, 1 reply; 6+ messages in thread
From: André A. Gomes @ 2023-06-30 14:56 UTC (permalink / raw)
To: Ludovic Courtès; +Cc: 64014
Ludovic Courtès <ludo@gnu.org> writes:
> Yes, that’d be great. If you still have that older pack that didn’t
> have the problem, you could also run it under ‘strace -f -o
> /tmp/log.strace’ to see what happens before the failure.
Ludovic, I didn't reach any meaningful conclusion. Please close this
issue. Thanks.
--
André A. Gomes
"You cannot even find the ruins..."
^ permalink raw reply [flat|nested] 6+ messages in thread
* bug#64014: guix pack regression
2023-06-30 14:56 ` André A. Gomes
@ 2023-07-10 21:30 ` Ludovic Courtès
0 siblings, 0 replies; 6+ messages in thread
From: Ludovic Courtès @ 2023-07-10 21:30 UTC (permalink / raw)
To: André A. Gomes; +Cc: 64014-done
André A. Gomes <andremegafone@gmail.com> skribis:
> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Yes, that’d be great. If you still have that older pack that didn’t
>> have the problem, you could also run it under ‘strace -f -o
>> /tmp/log.strace’ to see what happens before the failure.
>
> Ludovic, I didn't reach any meaningful conclusion. Please close this
> issue. Thanks.
Done!
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2023-07-10 21:31 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-06-12 12:59 bug#64014: guix pack regression André A. Gomes
2023-06-15 15:57 ` Ludovic Courtès
2023-06-15 16:10 ` André A. Gomes
2023-06-17 14:08 ` Ludovic Courtès
2023-06-30 14:56 ` André A. Gomes
2023-07-10 21:30 ` Ludovic Courtès
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).