Skip to content

Fix detach-netns permission error on Ubuntu 25.04 #496

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Mar 9, 2025
Merged

Fix detach-netns permission error on Ubuntu 25.04 #496

merged 1 commit into from
Mar 9, 2025

Conversation

AkihiroSuda
Copy link
Member

On Ubuntu 25.04, unshare is subject to /etc/apparmor.d/unshare-userns-restrict that disables mounting.

$ rootlesskit --detach-netns bash
[rootlesskit:child ] error: failed to create a detached netns on "/tmp/rootlesskit2294453251/netns":
failed to execute [unshare -n mount --bind /proc/self/ns/net /tmp/rootlesskit2294453251/netns]:
exit status 32 (out="mount: /tmp/rootlesskit2294453251/netns: permission denied.\n       dmesg(1) may have more information after failed mount system call.\n")

Fix #494

Alternative to PR #495

@AkihiroSuda
Fix detach-netns permission error on Ubuntu 25.04
dd377ba 
On Ubuntu 25.04, `unshare` is subject to `/etc/apparmor.d/unshare-userns-restrict`
that disables mounting.

```
$ rootlesskit --detach-netns bash
[rootlesskit:child ] error: failed to create a detached netns on "/tmp/rootlesskit2294453251/netns":
failed to execute [unshare -n mount --bind /proc/self/ns/net /tmp/rootlesskit2294453251/netns]:
exit status 32 (out="mount: /tmp/rootlesskit2294453251/netns: permission denied.\n       dmesg(1) may have more information after failed mount system call.\n")
```

Fix issue 494

Alternative to PR 495

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
@AkihiroSuda AkihiroSuda added this to the v2.4.0 (tentative) milestone Mar 9, 2025
This was referenced Mar 9, 2025
Closed
Closed
Closed
@AkihiroSuda AkihiroSuda merged commit d38d0a3 into rootless-containers:master Mar 9, 2025
6 checks passed
This was referenced Mar 10, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.3.3
1 participant
@AkihiroSuda