DavHau / nix-portable

Nix - Static, Permissionless, Installation-free, Pre-configured
MIT License

I cannot start nix-portable as a user #103

Open vinniec2 opened 2 months ago

vinniec2 commented 2 months ago

I tried nix-portable on Void, Porteus, Devuan, and EndeavourOS (Arch), always getting the same error. Example on Void:

error: setting up a private mount namespace: Operation not permitted

I read around that I have to activate "user namespaces", but for void it seemed already active (In the other distros there were different parameters to set):

user.max_user_namespaces = 14505

However when I tried to run the command with sudo, I could see htop running. Could it be a permission issue?

I should specify that while I tested nix-portable on void installed on a physical machine, the other three distributions were on a virtual machine (virtual box).

Thanks :)

vinniec2 commented 2 months ago

Although EndeavourOS is eventually an Arch, I thought I should try one of the tested systems, and I tried Debian (always virtualized in vbox):

$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description:    Debian GNU/Linux 12 (bookworm)
Release:    12
Codename:   bookworm

But nothing, still the same problems:

$ ./nix-portable nix run nixpkgs#htop
Installing git. Disable this by specifying the git executable path with 'NP_GIT'
error: setting up a private mount namespace: Operation not permitted

I have always tried to activate user namespaces by following some commands found on the net, but there is nothing to do:

# /sbin/sysctl -w kernel.unprivileged_userns_clone=1
kernel.unprivileged_userns_clone = 1
# /sbin/sysctl -w kernel.unprivileged_userns_apparmor_policy=1
kernel.unprivileged_userns_apparmor_policy = 1
# /sbin/sysctl -w kernel.userns_restrict=0
sysctl: cannot stat /proc/sys/kernel/userns_restrict: File o directory non esistente

I understand little about it, but I wanted to test whether I was really having problems with user namespaces, so I tried this command found on this site:

$ unshare --user --map-root-user --mount-proc --pid --fork
#

And it works!

On void meanwhile, I tried doing some bundles from root and it works (some don't, like vscodium) even if I try to use the package as a user.
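
The checks tried in the comment above, gathered into a read-only diagnostic. This is an added example, not part of the thread or of nix-portable's code; the function names are hypothetical, and the probe assumes an `unshare` on the PATH that accepts `--user --map-root-user --mount`.

```shell
#!/bin/sh
# Added example (not from the thread or the nix-portable project).
# Function names are hypothetical; sysctl names are the ones quoted in the thread.

# Print "enabled" or "disabled" from the sysctl files under $1 (default /proc/sys).
# Per-knob details go to stderr. Missing files are skipped: the knob does not
# exist on that kernel (unprivileged_userns_clone is a distro patch).
userns_sysctl_status() {
    root="${1:-/proc/sys}"
    status=enabled
    for knob in user/max_user_namespaces kernel/unprivileged_userns_clone; do
        f="$root/$knob"
        if [ ! -r "$f" ]; then
            echo "$knob: not present" >&2
            continue
        fi
        v=$(cat "$f")
        echo "$knob = $v" >&2
        # For both knobs, 0 means unprivileged user namespaces cannot be created.
        if [ "$v" = "0" ]; then
            status=disabled
        fi
    done
    echo "$status"
}

# Try to create a user namespace plus a private mount namespace as the
# current user. Returns 0 on success, 1 on failure, 2 if unshare is missing.
userns_mount_probe() {
    command -v unshare >/dev/null 2>&1 || return 2
    if unshare --user --map-root-user --mount true >/dev/null 2>&1; then
        return 0
    fi
    return 1
}

# Combine both checks into one line of output; always returns 0.
userns_report() {
    s=$(userns_sysctl_status "${1:-/proc/sys}")
    rc=0
    userns_mount_probe || rc=$?
    case "$rc" in
        0) p="ok" ;;
        2) p="unshare not installed" ;;
        *) p="failed" ;;
    esac
    echo "sysctl: $s; user+mount namespace probe: $p"
}

userns_report
```

In the thread the `unshare` test succeeded while nix-portable still failed, so a passing probe rules out a blanket user-namespace block rather than proving that nix-portable will start.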

vinniec2 commented 2 months ago

Maybe while testing I found a bug: I tried passing a bundle into a virtual machine (porteus) to see if it worked. Yes it works but if you set the variable NP_LOCATION it does not work.

Also, it looks like the bundle wants to download git. I don't know how nix-portable works, though I understand that the bundle unzips into ~/.nix_portable; for some reason it downloads git (unless you set the NP_GIT variable), so if one doesn't have a connection, technically the bundle doesn't work.

I also tried it on tinycore (an even more minimal distro than porteus), but I couldn't get it to run, I think because of the lack of unzip and bash and I don't remember if anything else.

Also, there are some bundles that just don't work, such as the vscode bundle, and others that are not created (can't remember now which ones).

orzFly commented 2 months ago

See #98. You may try adding NP_RUNTIME=bwrap to work around this until #98 is fixed.

vinniec2 commented 2 months ago

> See #98. You may try adding NP_RUNTIME=bwrap to work around this until #98 is fixed.

Works perfectly :heart:

vinniec2 commented 2 months ago

I don't want to bore you by continuing to create issues, so I keep writing in this one even though technically I should open a new one for each new issue. I am now trying nix-portable on Alpine, and with the bwrap fix suggested by orzFly the programs start:

/media/date/nix-portable $ export NP_RUNTIME="bwrap"
/media/date/nix-portable $ export NP_LOCATION="/media/date/nix-portable/.nix-portable"
./nix-portable nix run nixpkgs#htop

but if I try to create an environment to make bundles as suggested in the readme, I get an error:

$ ./nix-portable nix shell nixpkgs#{bashInteractive,nix} -c bash
path '/media/date/nix-portable/nixpkgs' does not contain a 'flake.nix', searching up
error: getting status of '/media/date/nix-portable/nixpkgs': No such file or directory

Maybe it is something new that has to do with the recent changes on flake.lock?

DavHau commented 2 months ago

Maybe the state got corrupted. Does deleting the NP_LOCATION directory fix it?

vinniec2 commented 1 month ago

I had tried twice already, but I can try once more by doing a more accurate test. There's also still the problem that you need to be connected to the internet to first start even what you had already downloaded and installed previously with nix-portable nix run package. I will try now, after a reboot :)