Public bug reported:

Hello,
I wanted to build an operating system image of Ubuntu version 24.04 for amd64
on an amd64 machine with mkosi 25.3-5ubuntu2 on Ubuntu 25.10 and also on
Ubuntu 26.04 (daily build) without root. It failed with (full log in attachment):

mkosi was forbidden to unshare namespaces.
...

  File "/home/es/.cache/mkosi/mkosi-workspace-pra_l0n7/tmp/tmpqpfaz5t4/mkosi/sandbox.py", line 134, in unshare
    oserror("unshare")
    ~~~~~~~^^^^^^^^^^^
  File "/home/es/.cache/mkosi/mkosi-workspace-pra_l0n7/tmp/tmpqpfaz5t4/mkosi/sandbox.py", line 129, in oserror
    raise OSError(ctypes.get_errno(), os.strerror(ctypes.get_errno()), filename or None)
PermissionError: [Errno 1] Operation not permitted

I use the following config:
[Distribution]
Distribution=ubuntu
Release=noble
Architecture=amd64

[Output]
Format=directory

[Content]
Packages=systemd
 bash
 coreutils
 apt


ANALYSIS:
I know this issue is triggered because user namespaces are restricted by
AppArmor in Ubuntu; I am aware of:
https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces


SOLUTION:
I followed the guide
(https://ubuntu.com/blog/ubuntu-23-10-restricted-unprivileged-user-namespaces)
and made an AppArmor profile for mkosi (it's in the attachments). Now it works.
So just adding the AppArmor profile to the package solves this problem for all
users.

** Affects: mkosi (Ubuntu)
     Importance: Undecided
         Status: New

** Patch added: "usr.bin.mkosi"
   
https://bugs.launchpad.net/bugs/2138495/+attachment/5939468/+files/usr.bin.mkosi
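
Added example, not the profile attached to this bug and not code from the mkosi package: a script that checks whether unprivileged user namespaces are restricted and renders a profile of the kind the linked Ubuntu blog post describes, unconfined except for an explicit `userns` grant. The profile name `mkosi`, the path `/usr/bin/mkosi` and both function names are assumptions.

```shell
#!/bin/sh
# Added example (not the profile attached to the bug). Assumptions: mkosi is
# installed at /usr/bin/mkosi and the profile is named "mkosi".
set -eu

SYSCTL_FILE=/proc/sys/kernel/apparmor_restrict_unprivileged_userns

# Succeeds (exit 0) when the kernel restricts unprivileged user namespaces.
# $1: sysctl file to read; a missing file means the restriction is absent.
userns_restricted() {
    [ -r "$1" ] && [ "$(cat "$1")" = "1" ]
}

# Print a profile that leaves the program unconfined except for explicitly
# granting user namespace creation.
# $1: profile name, $2: absolute path of the executable.
render_profile() {
    cat <<EOF
abi <abi/4.0>,
include <tunables/global>

profile $1 $2 flags=(unconfined) {
  userns,

  # Site-specific additions and overrides.
  include if exists <local/$1>
}
EOF
}

# Run as root with --install to write and load the profile.
if [ "${1:-}" = "--install" ]; then
    if userns_restricted "$SYSCTL_FILE"; then
        render_profile mkosi /usr/bin/mkosi > /etc/apparmor.d/mkosi
        apparmor_parser -r /etc/apparmor.d/mkosi
        echo "loaded profile: mkosi"
    else
        echo "unprivileged user namespaces are not restricted; nothing to do"
    fi
fi
```

The grant applies only to processes started from the named path, so the system-wide restriction stays in force for everything else.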

https://bugs.launchpad.net/bugs/2138495

Title:
  apparmor profile for rootless builds is missing
