[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: least-authority-wrapper - clone: permission not permitted
|
From: |
Ludovic Courtès |
|
Subject: |
Re: least-authority-wrapper - clone: permission not permitted |
|
Date: |
Sat, 28 Dec 2024 18:57:17 +0100 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) |
Hi Marc,
Marc Coquand <marc@coquand.email> skribis:
> After some debugging, I found that it was the namespace 'mnt that was
> causing issues, the script works when I remove it.
>
> The error I'm getting is
>
> Backtrace:
> 5 (primitive-load "/var/lib/laminar/cfg/after")
> In ice-9/eval.scm:
> 191:35 4 (_ #f)
> In gnu/build/linux-container.scm:
> 300:8 3 (call-with-temporary-directory #<procedure 7f7e58d71a50?>)
> 397:16 2 (_ "/tmp/guix-directory.nIT1Mt")
> 239:7 1 (run-container "/tmp/guix-directory.nIT1Mt" (#<<fil?> ?) ?)
> In guix/build/syscalls.scm:
> 1143:12 0 (_ 131089)
>
> guix/build/syscalls.scm:1143:12: In procedure clone: 131089: Operation not
> permitted
>
> When I try to invoke the script.
>
> Any clue why I'm getting the operation not permitted error?
Are unprivileged user namespaces enabled on this system?
If they are, could it be that you’re trying to run this from a namespace
that lacks this capability? (I always forget why exactly you cannot
always create processes in separate namespaces, but there are
restrictions that show up typically when nesting things.)
HTH,
Ludo’.