Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using distrobuilder in ubuntu_latest on aarch64 will give an error( Failed to unshare namespaces: Operation not permitted ) #140

Open
spiritLHLS opened this issue Jan 15, 2024 · 2 comments
Open

Using distrobuilder in ubuntu_latest on aarch64 will give an error( Failed to unshare namespaces: Operation not permitted ) #140

spiritLHLS opened this issue Jan 15, 2024 · 2 comments

Comments

@spiritLHLS
Copy link

spiritLHLS commented Jan 15, 2024
edited

Very nice program.
But I'm having some minor problems with it.

https://github.com/oneclickvirt/incus_images/blob/main/.github/workflows/build_kali_arm64.yml

I tried to compile and install https://github.com/lxc/distrobuilder for use using the ubuntu_latest image on the aarch64 architecture, but it reported an error during use $HOME/goprojects/bin/distrobuilder --version:

Failed to unshare namespaces: Operation not permitted

Full logs: https://github.com/oneclickvirt/incus_images/actions/runs/7526849891/job/20485804861#step:3:1503

        sudo apt-get install build-essential -y
        export CGO_ENABLED=1
        export CC=gcc
        wget https://go.dev/dl/go1.21.6.linux-arm64.tar.gz
        chmod 777 go1.21.6.linux-arm64.tar.gz
        rm -rf /usr/local/go && tar -C /usr/local -xzf go1.21.6.linux-arm64.tar.gz
        export GOROOT=/usr/local/go
        export PATH=$GOROOT/bin:$PATH
        export GOPATH=$HOME/goprojects/
        go version
        apt-get install -q -y debootstrap rsync gpg squashfs-tools git make
        git config --global user.name "daily-update"
        git config --global user.email "tg@***.top"
        mkdir -p $HOME/go/src/github.com/lxc/
        cd $HOME/go/src/github.com/lxc/
        git clone https://github.com/lxc/distrobuilder
        cd ./distrobuilder
        make
        export PATH=$HOME/goprojects/bin/distrobuilder:$PATH
        echo $PATH
        find $HOME -name distrobuilder -type f 2>/dev/null
        distrobuilder --version
        $HOME/goprojects/bin/distrobuilder --version

So far I've only done the above, Is there any way to perform the repair?
@martin-g
Copy link
Contributor

According to https://unix.stackexchange.com/questions/669523/why-non-root-user-cannot-unshare-pid-namespace the unshare (pid) namespace operation needs CAP_SYS_ADMIN capability, i.e. root access to the host.
You may try to add --cap-add SYS_ADMIN to the action's dockerRunArgs but I barely remember that Github Actions forbids this.

@spiritLHLS spiritLHLS changed the title Using distrobuilder in ubuntu_latest on aarch64 will give an error Using distrobuilder in ubuntu_latest on aarch64 will give an error( Failed to unshare namespaces: Operation not permitted ) Jan 16, 2024
@spiritLHLS
Copy link
Author

spiritLHLS commented Jan 16, 2024
edited

According to https://unix.stackexchange.com/questions/669523/why-non-root-user-cannot-unshare-pid-namespace the unshare (pid) namespace operation needs CAP_SYS_ADMIN capability, i.e. root access to the host. You may try to add --cap-add SYS_ADMIN to the action's dockerRunArgs but I barely remember that Github Actions forbids this.

I add --cap-add SYS_ADMIN and got another error Failed to mark / private: Permission denied.
There seems to be no solution to this problem.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@martin-g @spiritLHLS