* Permission denied then running guix shell -C on Ubuntu
@ 2024-05-05 17:47 Gabriel Pickl
2024-05-05 18:02 ` Gabriel Pickl
0 siblings, 1 reply; 2+ messages in thread
From: Gabriel Pickl @ 2024-05-05 17:47 UTC (permalink / raw)
To: help-guix
Hi everyone :)
I've recently started using GUIX on Ubuntu 24.04 (Installed via the
install script), and have run into a bit of a problem.
When running something like `guix shell -C guile` (the package list
doesn't matter) I get the following error message:
```
guix shell: error: mount: mount "none" on "/tmp/guix-directory.xwKsHW":
Permission denied
```
`dmesg` doesn't show any messages during the run.
Turning AppArmor off changes the error:
```
guix shell: error: clone: 2114060305: Permission denied
```
And also causes the following dmesg line to be printed (I thought I had
disabled AppArmor... huh)
```
audit: type=1400 audit(1714930774.939:64): apparmor="DENIED"
operation="userns_create" class="namespace" info="Userns create
restricted - failed to find unprivileged_userns profile" error=-13
profile="unconfined" pid=5486 comm="guix" requested="userns_create"
denied="userns_create" target="unprivileged_userns"
```
I found some bug reports that might be related, but I don't know enough
about GUIX or AppArmor (mentioned below) to extract anything useful from
them
* https://issues.guix.gnu.org/61690
* https://issues.guix.gnu.org/46292
* https://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg6057761.html
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Permission denied then running guix shell -C on Ubuntu
2024-05-05 17:47 Permission denied then running guix shell -C on Ubuntu Gabriel Pickl
@ 2024-05-05 18:02 ` Gabriel Pickl
0 siblings, 0 replies; 2+ messages in thread
From: Gabriel Pickl @ 2024-05-05 18:02 UTC (permalink / raw)
To: help-guix
It seems like creating a custom AppArmor profile like described in
https://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg6057881.html
but specifying the actual guix command (in my case
/gnu/store/5447wg7dp8qwlii61r5spyf9r4953b55-guix-command) allows me to
create containers, but I assume this will break the next time I update
guix. It would be lovely to fix this in a way that wasn't so temporary ^^'
On 5/5/24 19:47, Gabriel Pickl wrote:
>
> Hi everyone :)
>
> I've recently started using GUIX on Ubuntu 24.04 (Installed via the
> install script), and have run into a bit of a problem.
>
> When running something like `guix shell -C guile` (the package list
> doesn't matter) I get the following error message:
>
> ```
> guix shell: error: mount: mount "none" on
> "/tmp/guix-directory.xwKsHW": Permission denied
> ```
>
> `dmesg` doesn't show any messages during the run.
>
> Turning AppArmor off changes the error:
>
> ```
> guix shell: error: clone: 2114060305: Permission denied
> ```
>
> And also causes the following dmesg line to be printed (I thought I
> had disabled AppArmor... huh)
>
> ```
> audit: type=1400 audit(1714930774.939:64): apparmor="DENIED"
> operation="userns_create" class="namespace" info="Userns create
> restricted - failed to find unprivileged_userns profile" error=-13
> profile="unconfined" pid=5486 comm="guix" requested="userns_create"
> denied="userns_create" target="unprivileged_userns"
> ```
>
> I found some bug reports that might be related, but I don't know
> enough about GUIX or AppArmor (mentioned below) to extract anything
> useful from them
>
> * https://issues.guix.gnu.org/61690
> * https://issues.guix.gnu.org/46292
> * https://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg6057761.html
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-05-06 14:50 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-05-05 17:47 Permission denied then running guix shell -C on Ubuntu Gabriel Pickl
2024-05-05 18:02 ` Gabriel Pickl
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).