On Sat, 05 Dec 2020 at 13:55:04 +0100, Kai Juse wrote: > bwrap: No permissions to creating new namespace, likely because the kernel > does not allow non-privileged user namespaces. On e.g. debian this can be > enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
On standard Debian kernels, /usr/bin/bwrap needs to be setuid root. Is it? The bwrap package should set this up automatically, unless you have reconfigured it with dpkg-statoverride. It is also possible to make /usr/bin/bwrap not be setuid (the same as on Ubuntu and Fedora, for example) using dpkg-statoverride, but if you do that, you need to configure the kernel as suggested in the error message (so the kernel makes the same security tradeoffs that it does on Ubuntu and Fedora). See https://bugs.debian.org/898446 for more information on the security tradeoffs. smcv