11 Dec 2024 |
jade_ | In reply to @rhelmot:matrix.org I've been having this problem with nix forever and just working around it but now that lix is here and I can have nice things I figured I would ask - does anyone know why the nix/lix testcases fail when you build it in a sandboxed nix daemon that is NOT running on nixos? Asking here first on the off chance that this is a known quantity and I can save myself some debugging time :) that's weird because it does not happen to me and i have been building lix since day 0 | 21:11:15 |
jade_ | so i think you might want to file a bug :) | 21:11:25 |
jade_ | it may be kernel weird or other weird | 21:11:41 |
rhelmot | bluh | 21:11:57 |
rhelmot | okie | 21:11:58 |
jade_ | which distro is it? | 21:12:39 |
rhelmot | ubuntu | 21:16:30 |
rhelmot | also my university kubernetes cluster which I expect is also ubuntu | 21:16:46 |
rhelmot | in both of these cases the nix used was NOT the ubuntu distro - it was built from nixpkgs | 21:17:07 |
rhelmot | I am penning the issue rn. will include as much info as I can | 21:19:06 |
puck | what's the error you're getting, btw? is it about namespaces? | 21:19:42 |
rhelmot | one of them is about namespaces | 21:19:53 |
rhelmot | `unshare: write failed /proc/self/uid_map: Operation not permitted` | 21:20:10 |
puck | yeah, okay, that's not quite the same error but useful to keep track of | 21:20:32 |
puck | OH it's inside kubernetes | 21:20:37 |
puck | * OH it's inside kubernetes/a container | 21:20:44 |
rhelmot | this also happens just on my laptop | 21:20:49 |
rhelmot | not containerized | 21:20:53 |
puck | okay, that's more reasonable to debug then | 21:20:56 |
rhelmot | yeah thank god | 21:21:04 |
rhelmot | I gave the container full fuck-you-escape-the-sandbox permissions so hopefully that's not related | 21:21:27 |
puck | In reply to @rhelmot:matrix.org `unshare: write failed /proc/self/uid_map: Operation not permitted` oh, looking up that error, might be useful to check if /proc/sys/kernel/apparmor_restrict_unprivileged_userns is 1, and if it is, if echo 0 | sudo tee /proc/sys/kernel/apparmor_restrict_unprivileged_userns solves the issue here | 21:23:37 |
rhelmot | APPARMOR???? | 21:23:48 |
rhelmot | lsjkdj | 21:23:49 |
puck | (also, dmesg maybe has audit logs here) | 21:25:06 |
rhelmot | hmmm... the kubernetes cluster doesn't have that option. the kernel is pretty old (5.15.0-125-generic) though | 21:26:03 |
puck | yeah, it seems to have been introduced in 24.04 (LTS) | 21:26:58 |
puck | or, no, 23.10? | 21:27:36 |
jade_ | oh i think we might have an uwuntu bug already actually | 21:36:17 |
jade_ | i think this has been complained about already | 21:36:31 |