It seems like creating a custom AppArmor profile as described in
https://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg6057881.html
but specifying the actual guix command (in my case
/gnu/store/5447wg7dp8qwlii61r5spyf9r4953b55-guix-command) allows me to
create containers, but I assume this will break the next time I update
guix. It would be lovely to fix this in a way that wasn't so temporary ^^'

On 5/5/24 19:47, Gabriel Pickl wrote:
Hi everyone :)
I've recently started using GUIX on Ubuntu 24.04 (Installed via the
install script), and have run into a bit of a problem.
When running something like `guix shell -C guile` (the package list
doesn't matter) I get the following error message:
```
guix shell: error: mount: mount "none" on
"/tmp/guix-directory.xwKsHW": Permission denied
```
`dmesg` doesn't show any messages during the run.
Turning AppArmor off changes the error:
```
guix shell: error: clone: 2114060305: Permission denied
```
And also causes the following dmesg line to be printed (I thought I
had disabled AppArmor... huh)
```
audit: type=1400 audit(1714930774.939:64): apparmor="DENIED"
operation="userns_create" class="namespace" info="Userns create
restricted - failed to find unprivileged_userns profile" error=-13
profile="unconfined" pid=5486 comm="guix" requested="userns_create"
denied="userns_create" target="unprivileged_userns"
```
I found some bug reports that might be related, but I don't know
enough about GUIX or AppArmor (mentioned below) to extract anything
useful from them.
* https://issues.guix.gnu.org/61690
* https://issues.guix.gnu.org/46292
* https://www.mail-archive.com/ubuntu-bugs@lists.ubuntu.com/msg6057761.html
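
Added example (not part of the thread, and not Guix or Ubuntu code): a small parser that re-joins a wrapped kernel audit record like the one quoted above and picks out AppArmor denials of `userns_create`, flagging those raised against a process with no profile attached. The function names and the second sample record are constructed for illustration.

```python
import re

# Record 1: the denial quoted in the message, wrapped as mailed. Record 2: constructed.
SAMPLE = """\
audit: type=1400 audit(1714930774.939:64): apparmor="DENIED"
operation="userns_create" class="namespace" info="Userns create
restricted - failed to find unprivileged_userns profile" error=-13
profile="unconfined" pid=5486 comm="guix" requested="userns_create"
denied="userns_create" target="unprivileged_userns"
audit: type=1400 audit(1714930775.101:65): apparmor="DENIED" operation="open"
class="file" profile="example" name="/etc/example" pid=5490 comm="example"
"""

RECORD_START = re.compile(r"\baudit: type=\d+")
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def split_records(text):
    """Re-join audit records that were wrapped across several lines."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.search(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse_fields(record):
    """Map key=value and key="quoted value" pairs to a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(record)}


def userns_denials(text):
    """Return one dict per AppArmor denial of user-namespace creation."""
    hits = []
    for record in split_records(text):
        fields = parse_fields(record)
        if (fields.get("apparmor"), fields.get("operation")) == ("DENIED", "userns_create"):
            # profile="unconfined": no profile was attached to the process.
            fields["no_profile_attached"] = fields.get("profile") == "unconfined"
            hits.append(fields)
    return hits


if __name__ == "__main__":
    for hit in userns_denials(SAMPLE):
        print(hit["comm"], hit["pid"], hit["no_profile_attached"], hit["info"])
```

Feeding it the output of `dmesg` or a saved journal excerpt shows which commands were denied `userns_create` and whether a profile was attached to them.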