Richard Purdie escreveu (quinta,
12/09/2024 à(s) 21:37):
> On Thu, 2024-09-12 at 18:29 +0100, Jose Quaresma via
> lists.openembedded.org wrote:
> >
> >
> > Ross Burton via lists.openembedded.org
> > escreveu (quinta,
> > 12/09/2024 à(s) 17:57):
> > > If user namespaces are not available (typical
On Thu, 2024-09-12 at 18:29 +0100, Jose Quaresma via
lists.openembedded.org wrote:
>
>
> Ross Burton via lists.openembedded.org
> escreveu (quinta,
> 12/09/2024 à(s) 17:57):
> > If user namespaces are not available (typically because AppArmor is
> > blocking them), alert the user.
> >
> > We co
Ross Burton escreveu (quinta, 12/09/2024 à(s) 18:32):
>
>
> > On 12 Sep 2024, at 18:29, Jose Quaresma wrote:
> > The error message could be better imo.
> > It will also happen inside a docker container that runs without the
> NET_ADMIN capability, which is the default.
> >
> https://docs.docker.
On Thu, Sep 12, 2024 at 7:28 PM Ross Burton wrote:
>
> By which do you mean the build failed gracefully, whereas previously it would
> have exploded?
Without existing TMPDIR it failed with just the error from sanity
check (as expected).
With existing TMPDIR (where sanity check was already execu
> On 12 Sep 2024, at 18:29, Jose Quaresma wrote:
> The error message could be better imo.
> It will also happen inside a docker container that runs without the NET_ADMIN
> capability, which is the default.
> https://docs.docker.com/engine/containers/run/#runtime-privilege-and-linux-capabilities
Ross Burton via lists.openembedded.org escreveu (quinta, 12/09/2024 à(s) 17:57):
> If user namespaces are not available (typically because AppArmor is
> blocking them), alert the user.
>
> We consider network isolation sufficiently important that this is a fatal
> error, and the user will need to
By which do you mean the build failed gracefully, whereas previously it would
have exploded?
Ross
> On 12 Sep 2024, at 18:22, Martin Jansa wrote:
>
> Works as expected, the build failed :).
>
> openembedded-core/build$ bitbake -k zlib-native
> ERROR: User namespaces are not usable by BitBake,
Works as expected, the build failed :).
openembedded-core/build$ bitbake -k zlib-native
ERROR: User namespaces are not usable by BitBake, possibly due to AppArmor.
See
https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#unprivileged-user-namespace-restrictions
for mor
Note that in its final form this isn’t had any testing on an Ubuntu machine, so
testing would be appreciated if anyone has an Ubuntu 24.x machine (not a
container, need their kernel) with apparmor enabled.
Thanks,
Ross
> On 12 Sep 2024, at 17:57, Ross Burton via lists.openembedded.org
> wrote
If user namespaces are not available (typically because AppArmor is
blocking them), alert the user.
We consider network isolation sufficiently important that this is a fatal
error, and the user will need to configure AppArmor to allow bitbake to
create a user namespace.
[ YOCTO #15592 ]
Signed-o
10 matches
Mail list logo