Hi,

Efraim Flashner <[email protected]> writes:

> (ins)ubuntu@ubuntu:~$ unshare -mrnf ifconfig lo up
> unshare: write failed /proc/self/uid_map: Operation not permitted
> (ins)ubuntu@ubuntu:~$ cat /etc/os-release
> PRETTY_NAME="Ubuntu 24.04.2 LTS"

It may have to do with Ubuntu’s restrictions on unprivileged user namespaces:

  https://ubuntu.com/blog/whats-new-in-security-for-ubuntu-24-04-lts
  https://discourse.ubuntu.com/t/understanding-apparmor-user-namespace-restriction/58007
  https://seclists.org/oss-sec/2025/q1/253

The solution appears to be to disable those restrictions with something like:

  sysctl -w kernel.apparmor_restrict_unprivileged_userns=0

… or to provide a suitable AppArmor profile, as discussed for ‘guix shell -C’:

  https://issues.guix.gnu.org/71226

Ludo’.
