From: Jesse Dowell
Date: Sun, 6 Dec 2020 15:54:52 -0500
Subject: Re: bug#45069: BUG: Re: guix environment: error: cannot create container: unprivileged user cannot create user namespaces
To: zimoun
Cc: Guix Devel, 45069@debbugs.gnu.org, pgarlick@tourbillion-technology.com

Hi All,

I believe the recommended suggestion is Debian-specific, is it not?

My kernel supports user namespaces and doesn't expose that file at that location.

The only way I can work around the issue is to downgrade guix to the commit on the master branch right before 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e

guix pull --commit=0d5d1bdf911659f60601058e8e1678187b7ba664 --allow-downgrades

Best,
Jesse

On Sun, Dec 6, 2020 at 12:03 PM zimoun wrote:

> Hi,
>
> Please try the recommendation. Have you tried it?
>
>     please set /proc/sys/kernel/unprivileged_userns_clone to "1"
>
> As root, you just do:
>
>     echo 1 > /proc/sys/kernel/unprivileged_userns_clone
>
> then “guix environment -C” should work as expected. To do the trick
> automatically with Shepherd, I do not know, but I am sure that the
> systemd equivalent
>
>     echo "kernel.unprivileged_userns_clone = 1" > /etc/sysctl.d/local.conf
>     sysctl --system
>
> seems doable with Guix System.
>
>
> On my system, and I need explanations if it does not work similarly on
> yours, I simply do:
>
> --8<---------------cut here---------------start------------->8---
> $ guix environment -C --ad-hoc hello -- hello
> guix environment: error: cannot create container: unprivileged user cannot create user namespaces
> guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"
>
> $ su -
> Password:
> # echo 1 > /proc/sys/kernel/unprivileged_userns_clone
> # logout
>
> $ guix environment -C --ad-hoc hello -- hello
> Hello, world!
> --8<---------------cut here---------------end--------------->8---
>
> Hope that helps,
> simon
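The situation discussed in this message (user namespaces supported, but no /proc/sys/kernel/unprivileged_userns_clone file) can be told apart from a namespace-disabled kernel with a check like the following. This is an added example, not code from the thread or from Guix; the function name userns_status, its proc_root argument and the status strings are hypothetical, and it assumes the upstream sysctl /proc/sys/user/max_user_namespaces as the second place where creation can be switched off.

```shell
#!/bin/sh
# Added example: classify unprivileged user-namespace availability.
# userns_status, its proc_root argument and the status strings are
# hypothetical names chosen for this sketch. proc_root exists so the logic
# can be run against a constructed tree; on a real system it defaults to /proc.
userns_status() {
    proc_root="${1:-/proc}"
    clone_knob="$proc_root/sys/kernel/unprivileged_userns_clone"
    max_knob="$proc_root/sys/user/max_user_namespaces"

    # Without CONFIG_USER_NS there is no "user" entry under /proc/<pid>/ns.
    if [ ! -e "$proc_root/self/ns/user" ]; then
        echo "no-kernel-support"; return 1
    fi
    # Distribution-patched knob (Debian and derivatives). Absence is not an
    # error: kernels without the patch simply do not have this file.
    if [ -r "$clone_knob" ] && [ "$(cat "$clone_knob")" != "1" ]; then
        echo "disabled-by-userns-clone"; return 1
    fi
    # Upstream per-user limit; 0 forbids creating any user namespace.
    if [ -r "$max_knob" ] && [ "$(cat "$max_knob")" = "0" ]; then
        echo "disabled-by-max-user-namespaces"; return 1
    fi
    echo "enabled"
}

# Constructed sample tree modelling the case reported above: namespace
# support present, Debian-style file absent, upstream limit non-zero.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/self/ns" "$demo_root/sys/user"
: > "$demo_root/self/ns/user"
echo 15000 > "$demo_root/sys/user/max_user_namespaces"
userns_status "$demo_root"    # prints: enabled
rm -rf "$demo_root"
```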