binpash / try

Inspect a command's effects before modifying your live system
MIT License

unshare: unshare failed: Operation not permitted #129

Closed Subfire closed 11 months ago

Subfire commented 11 months ago

In my Debian 12:

[root@75849523300f tools]$ ./try ls
unshare: unshare failed: Operation not permitted

And with ./try any_command, it will show "unshare: unshare failed: Operation not permitted".

ezrizhu commented 11 months ago

Hi, could you see if you will get the same error by running unshare --map-root-user (if it works, then you want to type exit to leave the namespace)

If you got the same operation not permitted, please run this command:

sudo sysctl -w kernel.unprivileged_userns_clone=1

You can also make this persistent by appending kernel.unprivileged_userns_clone=1 to /etc/sysctl.conf

Subfire commented 11 months ago

> Hi, could you see if you will get the same error by running unshare --map-root-user (if it works, then you want to type exit to leave the namespace)
>
> If you got the same operation not permitted, please run this command sudo sysctl -w kernel.unprivileged_userns_clone=1 You can also make this persistent by appending kernel.unprivileged_userns_clone=1 to /etc/sysctl.conf

It may be because of https://serverfault.com/a/939457/354181

ezrizhu commented 11 months ago

Does that solve the issue for you?

Subfire commented 11 months ago

> Does that solve the issue for you?

No 😂, executing "sysctl -w kernel.unprivileged_userns_clone=1" gives an error, I'm Googling it.

[root@75849523300f tools]$ unshare --map-root-user
unshare: unshare failed: Operation not permitted

[root@75849523300f tools]$ sysctl -w kernel.unprivileged_userns_clone=1
sysctl: cannot stat /proc/sys/kernel/unprivileged_userns_clone: No such file or directory

ezrizhu commented 11 months ago

Are you in a container already?

Subfire commented 11 months ago

> are you in a container already?

Yes, but I have tried it in VMware Debian 12, and it has the same problem. Should I use it only on a physical machine?

ezrizhu commented 11 months ago

Try should work on privileged containers. I’m assuming in VMWare you are using a virtualized machine. Is it the same error? Did you try the sysctl config?

Subfire commented 11 months ago

> Try should work on privileged containers. I’m assuming in VMWare you are using a virtualized machine, is it the same error, did you try the sysctl config

I'm a little confused, thanks for your reply. I'll think about it again.
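
The checks this thread works through (the Debian sysctl, whether the shell is already inside a container) can be collected into one script. This is an added example, not code from the issue thread or the try project; the finding names and the `USERNS_ROOT` variable are this example's own, and the `max_user_namespaces` and seccomp checks go beyond what the thread discusses.

```shell
#!/bin/sh
# Added example: explain why `unshare --map-root-user` is refused.
# USERNS_ROOT (hypothetical) is "" for the live system or a directory holding a copied tree.

first_line() { if [ -r "$1" ]; then head -n 1 "$1"; fi; }

# Print one finding per line for the filesystem tree rooted at $1.
userns_findings() {
    root=${1:-}
    knob="$root/proc/sys/kernel/unprivileged_userns_clone"  # Debian/Ubuntu kernel patch
    max="$root/proc/sys/user/max_user_namespaces"           # upstream per-user limit
    if [ ! -e "$knob" ]; then
        echo "knob-absent"      # sysctl -w then fails with "cannot stat", as in the thread
    elif [ "$(first_line "$knob")" = "0" ]; then
        echo "knob-disabled"
    fi
    if [ "$(first_line "$max")" = "0" ]; then echo "max-zero"; fi
    if [ -e "$root/.dockerenv" ] || [ -e "$root/run/.containerenv" ]; then
        echo "container"        # marker files left by Docker and Podman
    fi
    # "Seccomp: 2" means a syscall filter is active; such a filter can deny unshare(2).
    mode=$(awk '/^Seccomp:/ {print $2}' "$root/proc/self/status" 2>/dev/null || true)
    if [ "$mode" = "2" ]; then echo "seccomp-filter"; fi
}

# Map the findings to a next step, container policy first because a sysctl
# cannot lift a restriction imposed by the container runtime.
userns_advice() {
    found=$(userns_findings "${1:-}")
    case "$found" in
        *container*|*seccomp-filter*)
            echo "runtime-policy: change the container's privileges or seccomp profile" ;;
        *knob-disabled*)
            echo "enable-knob: sudo sysctl -w kernel.unprivileged_userns_clone=1" ;;
        *max-zero*)
            echo "raise-limit: user.max_user_namespaces is 0" ;;
        *)
            echo "unknown: no blocker found by these checks" ;;
    esac
}

userns_advice "${USERNS_ROOT:-}"
```

On a tree like the reporter's (no `unprivileged_userns_clone` file, container marker present) the script reports `runtime-policy`, which matches the maintainer's remark that try needs a privileged container.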