Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

nix install on linux can fail with "cloning builder process: Operation not permitted" #1030

Open
simonmichael opened this issue May 18, 2019 · 1 comment
Labels
packaging Dependencies, version constraints, packaging.. platform:nix

Comments

@simonmichael
Copy link
Owner

simonmichael commented May 18, 2019

The nix command for installing hledger, on the download page, can fail with an error like:

cloning builder process: Operation not permitted

since nix requires some kernel permission that GNU/Linux distros may not grant by default (NixOS/nix#2633). The workaround is to run a command similar to:

sudo sysctl kernel.unprivileged_userns_clone=1

before running nix-env.

Is it safe to leave this permission enabled ? https://security.stackexchange.com/questions/209529/what-does-enabling-kernel-unprivileged-userns-clone-do thinks not. So maybe you should disable it again after running nix-env:

sudo sysctl kernel.unprivileged_userns_clone=0

This all seems pretty lame, presumably nix will fix eventually.

@simonmichael simonmichael added packaging Dependencies, version constraints, packaging.. platform:nix labels May 18, 2019
simonmichael added a commit that referenced this issue May 18, 2019
simonmichael added a commit that referenced this issue May 18, 2019
@peti
Copy link
Contributor

peti commented Jun 1, 2019

Note NixOS/nix#2633 (comment). Nix needs those privileges to set up the build sandbox. Without sandboxing enabled, those privileges are not required.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
packaging Dependencies, version constraints, packaging.. platform:nix
Projects
None yet
Development

No branches or pull requests

2 participants