From: Ludovic Courtès
To: Marc Coquand
Cc: help-guix@gnu.org
Subject: Re: least-authority-wrapper - clone: permission not permitted
Date: Sat, 28 Dec 2024 18:57:17 +0100
Message-ID: <87o70vu1vm.fsf@gnu.org>

Hi Marc,

Marc Coquand wrote:

> After some debugging, I found that it was the namespace 'mnt that was
> causing issues, the script works when I remove it.
>
> The error I'm getting is
>
> Backtrace:
>            5 (primitive-load "/var/lib/laminar/cfg/after")
> In ice-9/eval.scm:
>    191:35  4 (_ #f)
> In gnu/build/linux-container.scm:
>     300:8  3 (call-with-temporary-directory #)
>    397:16  2 (_ "/tmp/guix-directory.nIT1Mt")
>     239:7  1 (run-container "/tmp/guix-directory.nIT1Mt" (#< ?) ?)
> In guix/build/syscalls.scm:
>   1143:12  0 (_ 131089)
>
> guix/build/syscalls.scm:1143:12: In procedure clone: 131089: Operation not permitted
>
> When I try to invoke the script.
>
> Any clue why I'm getting the operation not permitted error?

Are unprivileged user namespaces enabled on this system?

If they are, could it be that you’re trying to run this from a namespace
that lacks this capability?  (I always forget why exactly you cannot
always create processes in separate namespaces, but there are
restrictions that show up typically when nesting things.)

HTH,
Ludo’.
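
The following is an added example, not part of the original message and not Guix code. It decodes the flags value 131089 from the backtrace's `clone` error using the namespace constants from `<linux/sched.h>`, and checks the sysctls that commonly disable or restrict user namespaces. The function names are hypothetical, and the two `kernel/*` sysctls are assumed to be present only on some distribution kernels.

```python
import os

# Namespace bits from <linux/sched.h>; the low byte of the flags is the exit signal.
NS_FLAGS = {
    0x00020000: "CLONE_NEWNS",   0x02000000: "CLONE_NEWCGROUP",
    0x04000000: "CLONE_NEWUTS",  0x08000000: "CLONE_NEWIPC",
    0x10000000: "CLONE_NEWUSER", 0x20000000: "CLONE_NEWPID",
    0x40000000: "CLONE_NEWNET",
}
CSIGNAL = 0xFF

# Sysctls that commonly disable or restrict user namespace creation, mapped to
# the value that does so. The two kernel/* entries exist only on some distro kernels.
USERNS_SYSCTLS = {
    "user/max_user_namespaces": 0,
    "kernel/unprivileged_userns_clone": 0,
    "kernel/apparmor_restrict_unprivileged_userns": 1,
}

def decode_clone_flags(flags):
    """Split clone() flags into (namespace flag names, exit signal, unrecognised bits)."""
    names = [name for bit, name in sorted(NS_FLAGS.items()) if flags & bit]
    known = sum(bit for bit in NS_FLAGS if flags & bit)
    return names, flags & CSIGNAL, flags & ~CSIGNAL & ~known

def needs_cap_sys_admin(flags):
    """True when namespaces are requested without CLONE_NEWUSER in the same call,
    which clone(2) only allows for a caller holding CAP_SYS_ADMIN."""
    names = decode_clone_flags(flags)[0]
    return bool(names) and "CLONE_NEWUSER" not in names

def userns_blockers(proc_sys="/proc/sys"):
    """Return {sysctl: value} for each present sysctl set to its restricting value."""
    blockers = {}
    for rel, blocking in USERNS_SYSCTLS.items():
        try:
            with open(os.path.join(proc_sys, rel)) as f:
                value = int(f.read().strip())
        except (OSError, ValueError):
            continue  # absent on this kernel, or unreadable
        if value == blocking:
            blockers[rel] = value
    return blockers

if __name__ == "__main__":
    flags = 131089  # the value reported in the backtrace's clone error
    names, sig, rest = decode_clone_flags(flags)
    print(f"{flags} = {' | '.join(names) or '0'} | signal {sig} | other {rest:#x}")
    print("needs CAP_SYS_ADMIN:", needs_cap_sys_admin(flags))
    print("restricting sysctls:", userns_blockers() or "none found")
```

The value 131089 decodes to `CLONE_NEWNS` plus exit signal 17 (`SIGCHLD` on x86_64), with no `CLONE_NEWUSER` bit set.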