From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms11 with LMTPS id CO8RHywlzl+7fAAA0tVLHw (envelope-from ) for ; Mon, 07 Dec 2020 12:50:52 +0000 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id +MrqGiwlzl/NNwAA1q6Kng (envelope-from ) for ; Mon, 07 Dec 2020 12:50:52 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 0B2D59404CE for ; Mon, 7 Dec 2020 12:50:51 +0000 (UTC) Received: from localhost ([::1]:52888 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kmFyb-0007pS-QZ for larch@yhetil.org; Mon, 07 Dec 2020 07:50:49 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]:55734) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kmFq6-00051o-LS for bug-guix@gnu.org; Mon, 07 Dec 2020 07:42:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:41281) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1kmFq6-0008Hy-Cl for bug-guix@gnu.org; Mon, 07 Dec 2020 07:42:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1kmFq6-0005bq-B3 for bug-guix@gnu.org; Mon, 07 Dec 2020 07:42:02 -0500 X-Loop: help-debbugs@gnu.org Subject: bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces Resent-From: Yasuaki Kudo Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Mon, 07 Dec 2020 12:42:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 45069 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Paul Garlick Received: via spool by 45069-submit@debbugs.gnu.org id=B45069.160734490321534 (code B ref 45069); Mon, 07 Dec 2020 12:42:02 +0000 Received: (at 45069) by debbugs.gnu.org; 7 Dec 2020 12:41:43 +0000 Received: from localhost ([127.0.0.1]:52827 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kmFpn-0005bG-5f for submit@debbugs.gnu.org; Mon, 07 Dec 2020 07:41:43 -0500 Received: from mail1.g12.pair.com ([66.39.4.99]:11039) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kmFpk-0005b1-Rb for 45069@debbugs.gnu.org; Mon, 07 Dec 2020 07:41:41 -0500 Received: from mail1.g12.pair.com (localhost [127.0.0.1]) by mail1.g12.pair.com (Postfix) with ESMTP id 19B8873077; Mon, 7 Dec 2020 07:41:35 -0500 (EST) Received: from [10.11.12.14] (w135107.ppp.asahi-net.or.jp [121.1.135.107]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail1.g12.pair.com (Postfix) with ESMTPSA id DEF0D73058; Mon, 7 Dec 2020 07:41:34 -0500 (EST) Content-Type: multipart/alternative; boundary=Apple-Mail-C51CEC77-DB62-4B83-A703-8AF303F29ED9 Content-Transfer-Encoding: 7bit From: Yasuaki Kudo Mime-Version: 1.0 (1.0) Date: Mon, 7 Dec 2020 21:41:32 +0900 Message-Id: References: <1f56aef4d7b707826f34413672408e33385bbc6a.camel@tourbillion-technology.com> In-Reply-To: <1f56aef4d7b707826f34413672408e33385bbc6a.camel@tourbillion-technology.com> X-Mailer: iPhone Mail (18B92) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Guix Devel , 45069@debbugs.gnu.org, Pierre Neidhardt , Jesse Dowell Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-Spam-Score: -0.30 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org X-Migadu-Queue-Id: 0B2D59404CE X-Spam-Score: -0.30 X-Migadu-Scanner: ns3122888.ip-94-23-21.eu X-TUID: qEYUnu2EE7rl --Apple-Mail-C51CEC77-DB62-4B83-A703-8AF303F29ED9 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Just FYI (sorry to interject) , my original email was stripped of html eleme= nts? anyway, I was referring to this link https://security.stackexchange.co= m/questions/209529/what-does-enabling-kernel-unprivileged-userns-clone-do#co= mment442083_209533 -Yasu > On Dec 7, 2020, at 21:31, Paul Garlick wrote: >=20 > =EF=BB=BFHi Pierre, >=20 > Can you try, as root on Guix System: >=20 > $ echo 1 > /proc/sys/kernel/unprivileged_userns_clone >=20 > If you could report success or failure that would be helpful; the > unprivileged-user-namespace-supported? test in gnu/build/linux- > container.scm should be the same irrespective of the underlying > distribution (Debian, CentOS, Guix System ...). >=20 > Best regards, >=20 > Paul. >=20 >> On Mon, 2020-12-07 at 12:57 +0100, Pierre Neidhardt wrote: >> Hi! >>=20 >> I can reproduce the issue since I 'recondigure'd my Guix System. >> I'm on cebfb29abb151ede95696181d2446c63504593d7. >>=20 >> Guix' bug? >>=20 >>=20 >=20 >=20 --Apple-Mail-C51CEC77-DB62-4B83-A703-8AF303F29ED9 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable
Just FYI (sorry to interje= ct) , my original email was stripped of html elements?  anyway, I was r= eferring to this link https://security.stackexchange.com/questions/209529/what-does= -enabling-kernel-unprivileged-userns-clone-do#comment442083_209533 = -Yasu

On Dec 7, 2020, a= t 21:31, Paul Garlick <pgarlick@tourbillion-technology.com> wrote:
=
=EF=BB=BF<= span>Hi Pierre,

Can you try, as root on Gui= x System:

$ echo 1 > /proc/sys/kernel/un= privileged_userns_clone

If you could report= success or failure that would be helpful; the
unprivileged-= user-namespace-supported? test in gnu/build/linux-
container= .scm should be the same irrespective of the underlying
distr= ibution (Debian, CentOS, Guix System ...).

= Best regards,

Paul.
=
On Mon, 2020-12-07 at 12:57 +0100, Pierre Neidhardt wrote:<= br>
Hi!

I c= an reproduce the issue since I 'recondigure'd my Guix System.
I'm on cebfb29abb151ede95696181d244= 6c63504593d7.
=
Guix' bug?



= --Apple-Mail-C51CEC77-DB62-4B83-A703-8AF303F29ED9--