bug#45069: Guix System: unprivileged user cannot create user namespaces?

zimoun Mon, 07 Dec 2020 09:46:26 -0800

Hi,

On Mon, 07 Dec 2020 at 18:13, Pierre Neidhardt <m...@ambrevar.xyz> wrote:


>> Can you try, as root on Guix System:
>>
>> $ echo 1 > /proc/sys/kernel/unprivileged_userns_clone
>
> # echo 1 > /proc/sys/kernel/unprivileged_userns_clone
> -bash: /proc/sys/kernel/unprivileged_userns_clone: No such file or directory

In gnu/build/linux-container.scm, it reads:

--8<---------------cut here---------------start------------->8---
(define (unprivileged-user-namespace-supported?)
  "Return #t if user namespaces can be created by unprivileged users."
  (let ((userns-file "/proc/sys/kernel/unprivileged_userns_clone"))
    (if (file-exists? userns-file)
        (eqv? #\1 (call-with-input-file userns-file read-char))
        #t)))
--8<---------------cut here---------------end--------------->8---

Does it mean that the Linux kernel on Guix System does not support
namespaces by unprivileged users?

Turning #t to #f should work on Guix System and it appears to me a
severe bug if not.  What do I miss?  Please could someone fill my gap? :-)


All the best,
simon

bug#45069: Guix System: unprivileged user cannot create user namespaces?

Reply via email to