error: cannot set loopback interface flags: Operation not permitted

[josh-stratton]

Platform

• [X] Linux: Ubuntu 24.04
• [ ] macOS
• [ ] WSL

Additional information

Running a pretty fresh install of Ubuntu 24.04. Running a script that installs nix and seeing an "Operation not permitted" error. Extracted the line out and run standalone and still hitting an error.

Output

$ /nix/store/lf71w8bsmj6pijwxcw12s272fimxqwv1-nix-2.6.1/bin/nix-env -i /nix/store/lf71w8bsmj6pijwxcw12s272fimxqwv1-nix-2.6.1 --show-trace
installing 'nix-2.6.1'
error: cannot set loopback interface flags: Operation not permitted

       … while setting up the build environment

I get the error just running it with the install flag even when nothing is being installed.

$ /nix/store/lf71w8bsmj6pijwxcw12s272fimxqwv1-nix-2.6.1/bin/nix-env -i
error: cannot set loopback interface flags: Operation not permitted
(use '--show-trace' to show detailed location information)

$ /nix/store/lf71w8bsmj6pijwxcw12s272fimxqwv1-nix-2.6.1/bin/nix-env 
error: no operation specified
Try '/nix/store/lf71w8bsmj6pijwxcw12s272fimxqwv1-nix-2.6.1/bin/nix-env --help' for more information.

Priorities

Add :+1: to issues you find important.

[abathur]

Are you offline, or do you have some sort of proxy? Can you try latest Nix instead of the 2.6 this script is using?

I wonder if you're running into the issue fixed by:

• 10067

[josh-stratton]

Going to close this out as can't repro. I don't think my network was anything elaborate, but I'm wondering if something was setup correctly so I fell back to Ubuntu 22.04 and haven't had any problems since.

[josh-stratton]

Reopening because I can repro on another fresh install of Ubuntu 24.04, so I'm pretty sure it's not something I did during my previous setup.

To repro: 1) Install Ubuntu 24.04 2) Download nix (I'm using 2.6.1--http://ftp.tku.edu.tw/Linux/NixOS/nix/nix-2.6.1/nix-2.6.1-x86_64-linux.tar.xz) 3) Unpackage 4) Run install

~/Downloads/nix-2.6.1-x86_64-linux$ ./install
Note: a multi-user installation is possible. See https://nixos.org/manual/nix/stable/installation/installing-binary.html#multi-user-installation
performing a single-user installation of Nix...
copying Nix to /nix/store...........................................
installing 'nix-2.6.1'
error: cannot set loopback interface flags: Operation not permitted
(use '--show-trace' to show detailed location information)
./install: unable to install Nix into your default profile

[josh-stratton]

@abathur I downloaded the latest nix and it installed fine, but I'm concerned about using a different nix version than the one my team is using.

I did look at that PR and I don't have any proxy|PROXY variables in my env.

[itspngu]

I can confirm this to be an issue on Ubuntu 24.04 after upgrading from 22.04, though it happens when using nix flakes rather than during installation of nix itself - I run a single-user installation though.

I did a little digging and it appears to be related to changes in AppArmor policies shipped with the new ubuntu release: https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#p-99950-unprivileged-user-namespace-restrictions

I can get past the error by running sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 as root before subsequently building the flake, which doesn't seem like a great idea however. A proper fix for this would likely involve creating an AppArmor profile for nix and instructing users of Ubuntu to somehow install that, but my limited experience with mandatory access control in Linux is with SELinux, not AppArmor, so if anyone wants to chime in on this that'd be great :)

[josh-stratton]

Thanks, Thorben. I ended up trying a newer version of nix, and haven't noticed any incompatibilities yet. :crossed_fingers:

I've disabled AppArmor a few times for unrelated problems, so it's good to know it's the same issue and there's a workaround.