From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id eIJdFpPSyl9GcwAA0tVLHw (envelope-from ) for ; Sat, 05 Dec 2020 00:21:39 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id +C8lEpPSyl84MwAA1q6Kng (envelope-from ) for ; Sat, 05 Dec 2020 00:21:39 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C2D6E9404FC for ; Sat, 5 Dec 2020 00:21:38 +0000 (UTC) Received: from localhost ([::1]:53550 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1klLKT-00010s-L9 for larch@yhetil.org; Fri, 04 Dec 2020 19:21:37 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:36562) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1klLJs-00010B-7D for guix-devel@gnu.org; Fri, 04 Dec 2020 19:21:01 -0500 Received: from mail1.g12.pair.com ([66.39.4.99]:25591) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1klLJq-00031F-52 for guix-devel@gnu.org; Fri, 04 Dec 2020 19:20:59 -0500 Received: from mail1.g12.pair.com (localhost [127.0.0.1]) by mail1.g12.pair.com (Postfix) with ESMTP id 1ECD6730D2; Fri, 4 Dec 2020 19:20:57 -0500 (EST) Received: from guix.local (w135107.ppp.asahi-net.or.jp [121.1.135.107]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail1.g12.pair.com (Postfix) with ESMTPSA id 1ACF9730F8; Fri, 4 Dec 2020 19:20:55 -0500 (EST) Message-ID: <4556420c9440a6c34df93213e3934176e214483f.camel@yasuaki.com> Subject: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces From: yasu To: Pjotr Prins , zimoun Date: Sat, 05 Dec 2020 09:20:53 +0900 In-Reply-To: <20201204185537.qhapfbyaq7cr5lkr@thebird.nl> References: <20201204185537.qhapfbyaq7cr5lkr@thebird.nl> Content-Type: multipart/related; type="multipart/alternative"; boundary="=-jrMtzK0Q9ooE5wycuU4J" User-Agent: Evolution 3.34.2 MIME-Version: 1.0 Received-SPF: none client-ip=66.39.4.99; envelope-from=yasu@yasuaki.com; helo=mail1.g12.pair.com X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Guix Devel Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -2.29 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org X-Migadu-Queue-Id: C2D6E9404FC X-Spam-Score: -2.29 X-Migadu-Scanner: ns3122888.ip-94-23-21.eu X-TUID: RRCBEAi47Kic --=-jrMtzK0Q9ooE5wycuU4J Content-Type: multipart/alternative; boundary="=-n3aAkgKTsdE3crg62N8e" --=-n3aAkgKTsdE3crg62N8e Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit Hi Pj, Thank you for you reply (and your wonderful Hacking Guide https://gitlab.com/pjotrp/guix-notes/blob/master/HACKING.org)! I tried the command and it didn't work... I use Guix System (not a foreign distribution) as described at the bottom :-) -Yasu On Fri, 2020-12-04 at 19:55 +0100, Pjotr Prins wrote: > On Fri, Dec 04, 2020 at 05:32:08PM +0100, zimoun wrote: > > Have you tried to do the recommandation? > > > > please set /proc/sys/kernel/unprivileged_userns_clone to "1" > > As root: > > echo 1 > /proc/sys/kernel/unprivileged_userns_clone > > Yes, it is common on Debian and such. > > Pj. root@guix ~# echo 1 > /proc/sys/kernel/unprivileged_userns_clone -bash: /proc/sys/kernel/unprivileged_userns_clone: No such file or directory root@guix ~# guix system describe Generation 5631 Dec 05 2020 09:09:16 (current) file name: /var/guix/profiles/system-5631-link canonical file name: /gnu/store/qqzk4kvrhxjcia3hcq3xqrcdi36azzz9- system label: GNU with Linux 5.9.12 bootloader: grub-efi root device: label: "my-root" kernel: /gnu/store/9a93vpq4aa1c3adiaaa3blwc18r9r7zz-linux- 5.9.12/bzImage channels: guix: repository URL: https://git.savannah.gnu.org/git/guix.git branch: master commit: 86d635b85035086d21c319f31f628761df5c82e5 nonguix: repository URL: https://gitlab.com/nonguix/nonguix branch: master commit: b08ea529d4d36468b20ef4aff6dc87b3de0eff70 guix-chromium: repository URL: https://gitlab.com/mbakke/guix-chromium.git branch: master commit: 2de450b92e5f2624d4f964407686934e22239f7b configuration file: /gnu/store/hlma107m2004g6qq00ihm190am5mh9z0- configuration.scm --=-n3aAkgKTsdE3crg62N8e Content-Type: text/html; charset="utf-8" Content-Transfer-Encoding: quoted-printable
Hi Pj,

Thank you for you reply (and your = wonderful Hacking Guide https://gitlab.com/pjotrp/guix-notes/blob/master= /HACKING.org)!

I tried the command and it didn= 't work...

I use Guix System (not a foreign distr= ibution) as described at the bottom 3D":-)"

= -Yasu


On Fri, 2020-12-04 at 19:55 += 0100, Pjotr Prins wrote:
On Fri, Dec 0= 4, 2020 at 05:32:08PM +0100, zimoun wrote:
=
Have you tried to do the recommandation?

&nbs= p;    please set /proc/sys/kernel/unprivileged_userns_c= lone to "1"

As root:

echo 1 > /proc/sys/kernel/unprivileged_userns_clone
<= br>
Yes, it is common on Debian and such.

Pj.


root@guix ~# echo 1 > /proc/sys/kernel/unprivile= ged_userns_clone
-bash: /proc/sys/kernel/unprivileged_user= ns_clone: No such file or directory

root@guix ~# guix system describe
Generati= on 5631 Dec 05 2020 09:09:16 (current)
  file name: /var/gui= x/profiles/system-5631-link
  canonical file name: /gnu/stor= e/qqzk4kvrhxjcia3hcq3xqrcdi36azzz9-system
  label: GNU with = Linux 5.9.12
  bootloader: grub-efi
  root de= vice: label: "my-root"
  kernel: /gnu/store/9a93vpq4aa1c3adi= aaa3blwc18r9r7zz-linux-5.9.12/bzImage
  channels:
=     guix:
      = ;repository URL: http= s://git.savannah.gnu.org/git/guix.git
    = ;  branch: master
      c= ommit: 86d635b85035086d21c319f31f628761df5c82e5
   = ; nonguix:
      repository UR= L: https://gitlab.com/nongui= x/nonguix
      branch: master<= /div>
      commit: b08ea529d4d36468b20ef= 4aff6dc87b3de0eff70
    guix-chromium:
<= div>      repository URL: https://gitlab.com/mbakke/guix-chromiu= m.git
      branch: master
      commit: 2de450b92e5f2624d4f964407= 686934e22239f7b
  configuration file: /gnu/store/hlma107m200= 4g6qq00ihm190am5mh9z0-configuration.scm
--=-n3aAkgKTsdE3crg62N8e-- --=-jrMtzK0Q9ooE5wycuU4J Content-ID: Content-Type: image/png; name="face-smile.png" Content-Disposition: inline; filename="face-smile.png" Content-Transfer-Encoding: base64 iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAADLklEQVR4AV2MA5Q0uRpAb6raPTj9 G2PjvbVt27btPV7btm3btjW23Swklax5P1PwH+49bYNqQsHhEdvaCSGWasA2esRV5mktwrcdfPHb ffyDvx48uvvutqwaugzLOqp1hapwWXNrKDZvHgKBm04z3NYuv/q8TSlf3Vg8UnHmHo89Fvz14K2z NwoN5bxXFqbia627w26JSCqJ1m2YsAtohB9BmDoCJ8lbTz9YGBic+HDBZPVWvz6xATZbZck184oj 22+0x9EJCt/x2HOP8tNImtY1yrBiYYzJcs4591PMBOtufWh4rLdtyZA3OP/lL0dfsW49Zb0GP9CH rrvptgk59iHBzPv80OfyXXsaEYnBrxZP8nVHnm+/+xav42E2226vhA9HnnfQSvWWdOWxDYsSkUhp GX73sxgM0YggHrMB/ZsJo3+ro1GBGvkQy59lrZbaiPKCY+wtVl58y9or/T8V8kbQ6R+xYxESC1PU NS5h+fIoKB9yGVRWsmalJildtONTvPT/1idff7c45AVmcbJkAbmxL8lMeywpcVh1SQx7sYuZGAYD Opdll1UVctwlyEqmhrsRDWvhSJaGPGmEk5sjYiRaKp5+d5bKSklzs0/J/CQC0I6DM5Pn+x+z/NSd p26Jw8orhfEDbYWklFMD/e3L6lI28+yALf8/j++nI9zxxBhYGtsSKD8gn1O0lpWySWsR84oX0N/5 FVKqyV8emJe/6ug7qHyVWgtXEcpMseKiJayywoZIO4lUGtuOYCsXPfY9argNv6SaT77+VkulXxIn 7NS0qkXw7naV+URDkcQSWXQ8ihQW0ooRiDg68LC8LLFAETIJevQC7vrMLfi+Wc/+pG1qdNX6eSsN p2VNqZkIF2tFKDCIQKOlT1DII1yHqPTB8emd83iyXThpx3r2kfcGrrcBVm6MvZDzYrsNFqLF8VAh bAUBESUJKUX4F8OXzLma7qzguYF5zng+2i0Cs92PQxkl+IP9t1icNCp2nzFmi9qSdKI2WRCpqAJg xgvRlYmb9tliB8RLrqsPeO6LkQKA4D/svE7l2rbQJwGbB1ACYAkyGF412Fc/+UHfx/yDnwGHuJ5z 2Cp4/gAAAABJRU5ErkJggg== --=-jrMtzK0Q9ooE5wycuU4J--