I found several permission denied errors:
a) /home/ubuntu/.dpkg.cfg
Permission denied on open, even though the file does not exist. Had to chmod
0755 /home/ubuntu
b) /boot/System.map-6.8.0-31-generic is 0600 on the host, had to change
it to 0644
c) apparmor unprivileged_userns is blocking capabilities:
/etc/apparmor.d/unprivileged_userns:
profile unprivileged_userns {
audit deny capability, <----
audit deny change_profile,
That is needed by mmdebstrap when it calls unshare like this:
unshare --user --map-auto --map-user=65536 --map-group=65536 --keep-caps -- /sbin/mkfs.ext4 -L debvm -F -d /bigtmp/tmp.yGUlfXANQu nbd.img
The "--keep-caps" bit.
Weirdly, that apparmor denial is NOT logged: I only get this:
[Mon Sep 9 20:39:11 2024] audit: type=1400 audit(1725914351.710:178):
apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns
create - transitioning profile" profile="unconfined" pid=51074 comm="unshare"
requested="userns_create" target="unprivileged_userns"
But when I allow capabilities, not only does that unshare command work, I also
get:
[Mon Sep 9 20:37:28 2024] audit: type=1400 audit(1725914248.385:174):
apparmor="AUDIT" operation="capable" class="cap" profile="unprivileged_userns"
pid=50944 comm="mkfs.ext4" capability=2 capname="dac_read_search"
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2078255
Title:
autopkgtest error: rm: cannot remove '/tmp/tmp.OoiXjLc9ID/root':
Permission denied
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nbd/+bug/2078255/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
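Added example, not part of the bug comment above: a small triage script that pairs each AppArmor "userns_create" profile transition with the capability records later audited for the same pid, and lists transitions that have none (the pattern the comment describes for the failing unshare run). The function names are hypothetical, the records are assumed to be unwrapped onto single lines, and the first sample record is constructed; "no capability record" is only a hint to inspect the target profile, not proof of a denial.

```python
import re

# Constructed sample. Records 2 and 3 are the audit lines quoted in the
# message, unwrapped; record 1 is constructed (assumed transition for pid 50944).
SAMPLE = """\
[Mon Sep 9 20:37:28 2024] audit: type=1400 audit(1725914248.380:173): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=50944 comm="unshare" requested="userns_create" target="unprivileged_userns"
[Mon Sep 9 20:37:28 2024] audit: type=1400 audit(1725914248.385:174): apparmor="AUDIT" operation="capable" class="cap" profile="unprivileged_userns" pid=50944 comm="mkfs.ext4" capability=2 capname="dac_read_search"
[Mon Sep 9 20:39:11 2024] audit: type=1400 audit(1725914351.710:178): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=51074 comm="unshare" requested="userns_create" target="unprivileged_userns"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse(line):
    """Return the key=value fields of one AppArmor audit record, or None."""
    if 'apparmor="' not in line:
        return None
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def userns_transitions(log):
    """Map pid -> transition info plus capabilities audited under the target profile."""
    runs = {}
    for line in log.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        pid, op = rec.get("pid"), rec.get("operation")
        if op == "userns_create" and "target" in rec:
            # unshare execs its payload, so the pid stays the same afterwards.
            runs[pid] = {"comm": rec.get("comm"), "target": rec["target"], "caps": []}
        elif op == "capable" and pid in runs and rec.get("profile") == runs[pid]["target"]:
            runs[pid]["caps"].append(rec.get("capname"))
    return runs


def silent_candidates(log):
    """Pids that entered a userns profile but left no capability audit record."""
    return sorted(pid for pid, run in userns_transitions(log).items() if not run["caps"])


if __name__ == "__main__":
    for pid in silent_candidates(SAMPLE):
        run = userns_transitions(SAMPLE)[pid]
        print(f"pid {pid} ({run['comm']}) -> {run['target']}: no capability records")
```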