Subject: guix environment: error: cannot create container: unprivileged user cannot create user namespaces
From: yasu
To: guix-devel@gnu.org
Date: Sat, 05 Dec 2020 00:52:42 +0900

Hi Guix Development,

I rely on the -C option below to compile ./pre-inst-env.

guix environment -C guix

(I learned the technique through https://gitlab.com/pjotrp/guix-notes/blob/master/INSTALL.org - ./pre-inst-env just won't compile correctly unless I follow the instructions on the page)

However, this feature has become unavailable after the commit 8bc5ca5160db...
~/co/guix (master)$ guix environment -C guix
guix environment: error: cannot create container: unprivileged user cannot create user namespaces
guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"

The commit details are below:

commit 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e
Author: Paul Garlick
Date: Thu Dec 3 16:00:18 2020 +0000

    linux-container: Correct test for unprivileged user namespace support.

    Fixes ;;.
    Reported by Paul Garlick .

    * gnu/build/linux-container.scm (unprivileged-user-namespace-supported?):
    Return #f when the 'userns-file' does not exist.

diff --git a/gnu/build/linux-container.scm b/gnu/build/linux- container.scm index 4a8bed5a9a..3870b50907 100644 --- a/gnu/build/linux-container.scm +++ b/gnu/build/linux-container.scm @@ -44,7 +44,7 @@ (let ((userns-file "/proc/sys/kernel/unprivileged_userns_clone")) (if (file-exists? userns-file) (eqv? #\1 (call-with-input-file userns-file read-char)) - #t))) + #f))) (define (setgroups-supported?) "Return #t if the setgroups proc file, introduced in Linux-libre 3.19,

I hope this is a bug that can be fixed. Otherwise, it looks like I won't be able to compile pre-inst-env?

Cheers,
Yasu
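
Review bot: in the `+ #f` branch of unprivileged-user-namespace-supported?, a missing /proc/sys/kernel/unprivileged_userns_clone is now reported as "not supported", yet the absence of that file only shows that this particular knob is not exposed, not that the kernel refuses unprivileged user namespaces. The report in this message shows the result: `guix environment -C guix` is refused and the user is told to set that file to "1". Suggest returning #f only when the file exists and its first character is not #\1, deciding the missing-file case with a separate test instead of a constant in either direction, and stating in the docstring which case each branch covers.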