fsquillace / junest

The lightweight Arch Linux based distro that runs, without root privileges, on top of any other Linux distro.
GNU General Public License v3.0

[BUG] does not work on Ubuntu 24 #355

Closed NightMachinery closed 4 months ago

NightMachinery commented 4 months ago

> /home/guest/.junest/usr/bin_wrappers/sudo pacman -Syy
bwrap: setting up uid map: Permission denied
Error: Something went wrong while executing bwrap command. Exiting
❯ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 24.04 LTS
Release:        24.04
Codename:       noble

❯ uname -a
Linux Taher 6.8.0-36-generic #36-Ubuntu SMP PREEMPT_DYNAMIC Mon Jun 10 10:49:14 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

NightMachinery commented 4 months ago

I solved this by:

cat << 'EOF' | sudo tee -a /etc/sysctl.d/soften.conf
kernel.apparmor_restrict_unprivileged_unconfined=0
kernel.apparmor_restrict_unprivileged_userns=0
EOF

sudo reboot

But this requires root access. Is there no way to do it without root access?

fsquillace commented 4 months ago

Thanks for raising this. I am afraid that if Ubuntu does not have user namespaces enabled by default, root access is needed. I am not really sure why they have done this. :/

In other Ubuntu versions and the majority of distros this is enabled by default.

NightMachinery commented 4 months ago

So it's impossible? I'll close the issue then, thanks.

rickybrent commented 2 months ago

I ran into the same problem -- you can enable user namespaces just for junest like this (at the default install location):

cat << 'EOF' | sudo tee /etc/apparmor.d/junest | sudo apparmor_parser -a
abi <abi/4.0>,
include <tunables/global>

profile junest @{HOME}/.opt/junest/bin/junest flags=(unconfined) {
  userns,
}
EOF

... though this does still require root.
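
As an added example (not part of the issue thread or the junest project), here is a read-only check that needs no root and reports which restriction on unprivileged user namespaces is active, so the narrowest fix can be chosen. It goes beyond the thread by also reading `kernel.unprivileged_userns_clone` and `user.max_user_namespaces`, which other kernels use for the same purpose; the function names and state labels are illustrative.

```shell
#!/bin/sh
# Added example, not from the thread: read-only check of the kernel knobs that
# decide whether an unprivileged process may set up a user namespace.

# read_knob ROOT NAME: print the value, "absent" if the kernel does not expose
# the knob, or "unreadable" if it exists but this user may not read it.
read_knob() {
    if [ ! -e "$1/$2" ]; then echo absent
    elif [ ! -r "$1/$2" ]; then echo unreadable
    else cat "$1/$2"
    fi
}

# userns_state [ROOT]: classify the configuration. ROOT defaults to /proc/sys;
# it is a parameter so the logic can be run against a constructed tree.
userns_state() {
    root=${1:-/proc/sys}
    max=$(read_knob "$root" user/max_user_namespaces)
    clone=$(read_knob "$root" kernel/unprivileged_userns_clone)
    aa=$(read_knob "$root" kernel/apparmor_restrict_unprivileged_userns)
    if [ "$max" = 0 ]; then echo disabled-max
    elif [ "$clone" = 0 ]; then echo disabled-clone
    elif [ "$aa" = 1 ]; then echo apparmor-restricted
    elif [ "$aa" = unreadable ]; then echo unknown
    else echo allowed
    fi
}

# userns_advice STATE: map a state to the narrowest change that addresses it.
userns_advice() {
    case $1 in
        apparmor-restricted)
            echo "per-binary AppArmor profile granting 'userns,' (restriction stays on for everything else)" ;;
        disabled-clone|disabled-max)
            echo "global sysctl; only an administrator can change it" ;;
        unknown)
            echo "knob not readable by this user; ask an administrator for its value" ;;
        *)
            echo "no change needed" ;;
    esac
}

state=$(userns_state "${1:-/proc/sys}")
echo "state:  $state"
echo "advice: $(userns_advice "$state")"
```

On a host reporting `apparmor-restricted`, a scoped profile like the one above leaves the restriction in place for every other binary, whereas setting the sysctls to 0 lifts it system-wide.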

contrarybaton60 commented 2 weeks ago

https://github.com/linuxmint/mint22-beta/issues/82